Overview

overview

3

Static

static

3

�...v3.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    68s
  • max time network
    70s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-11-2023 15:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ⨯ 5/Extreme Injector v3.exe

  • Size

    1.9MB

  • MD5

    ec801a7d4b72a288ec6c207bb9ff0131

  • SHA1

    32eec2ae1f9e201516fa7fcdc16c4928f7997561

  • SHA256

    b65f40618f584303ca0bcf9b5f88c233cc4237699c0c4bf40ba8facbe8195a46

  • SHA512

    a07dd5e8241de73ce65ff8d74acef4942b85fc45cf6a7baafd3c0f9d330b08e7412f2023ba667e99b40e732a65e8fb4389f7fe73c7b6256ca71e63afe46cdcac

  • SSDEEP

    49152:NNEVtO1U1y1DDDDDD7Llngq7NNMqU0p2Vhk9a:NNEVJyZlng4p2V

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 1 IoCs

Processes

  • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
    "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
    1⤵
    • Suspicious use of UnmapMainImage
    PID:1456
  • C:\Users\Admin\AppData\Local\Temp\⨯ 5\Extreme Injector v3.exe
    "C:\Users\Admin\AppData\Local\Temp\⨯ 5\Extreme Injector v3.exe"
    1⤵
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2308

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\⨯ 5\settings.xml
    Filesize

    5KB

    MD5

    1236009fd9c7acad8642d72e9ef1a515

    SHA1

    40e8dfc5c985a9aa073059dafa601f9442d6faa5

    SHA256

    81c78356de70820b23bbfd5599386732076e125b5e7d9d5142fbcb1d702dac36

    SHA512

    cf5bcdfadb5804c854f04fadcb15185e8541dbe3fe8bbb8119af9f07363915d044630cd4736571f1f2b1b45e574dfeb5eaa787b517613a2d77aa0ba92d8b00e3

    Download Submit

  • memory/2308-7-0x000000001B950000-0x000000001B960000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2308-2-0x000000001B950000-0x000000001B960000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2308-3-0x000000001B710000-0x000000001B722000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2308-4-0x000000001DD90000-0x000000001DDCC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2308-6-0x000000001B950000-0x000000001B960000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2308-0-0x0000000000950000-0x0000000000B36000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2308-8-0x000000001B950000-0x000000001B960000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2308-9-0x00007FFB14A80000-0x00007FFB15541000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2308-12-0x000000001B950000-0x000000001B960000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2308-13-0x000000001B950000-0x000000001B960000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2308-14-0x000000001B950000-0x000000001B960000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2308-15-0x000000001B950000-0x000000001B960000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2308-1-0x00007FFB14A80000-0x00007FFB15541000-memory.dmp

    Filesize

    10.8MB

    Download