Overview

overview

10

Static

static

3

05a7a349e3...97.exe

windows7-x64

10

05a7a349e3...97.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    14-11-2023 18:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    05a7a349e3cf602aa1b8f5162b5d82ecb2be9cab68186c1abf53bb38c132dd97.exe

  • Size

    5.9MB

  • MD5

    64e7cd89bb30e3e4ff61954b1eaaa75c

  • SHA1

    f8d19c2493acf007b4dcb045501ef650d4d4a6c4

  • SHA256

    05a7a349e3cf602aa1b8f5162b5d82ecb2be9cab68186c1abf53bb38c132dd97

  • SHA512

    65fa366f0d34624f12feb02e2d0b9842488db8c4b7e85207b7f1c9f213f8c22301dbfdf2e5ea63d5bdee3deeec64d979b2c732c2a13c39cb2c8aeab6e24d2b34

  • SSDEEP

    12288:0XgvmzFHi0mo5aH0qMzd58lv7FVPJQPDHvd:0XgvOHi0mGaH0qSdaFn4V

Score
10/10
evasionpersistencetrojan

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 3 IoCs
    persistence
  • UAC bypass 3 TTPs 12 IoCs
    evasiontrojan
  • Adds policy Run key to start application 2 TTPs 28 IoCs
    persistence
  • Disables RegEdit via registry modification 6 IoCs
    evasion
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 64 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 6 IoCs
    evasiontrojan
  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory 4 IoCs
  • Drops file in Program Files directory 4 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • System policy modification 1 TTPs 39 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\05a7a349e3cf602aa1b8f5162b5d82ecb2be9cab68186c1abf53bb38c132dd97.exe
    "C:\Users\Admin\AppData\Local\Temp\05a7a349e3cf602aa1b8f5162b5d82ecb2be9cab68186c1abf53bb38c132dd97.exe"
    1⤵
    • Modifies WinLogon for persistence
    • UAC bypass
    • Adds policy Run key to start application
    • Disables RegEdit via registry modification
    • Loads dropped DLL
    • Adds Run key to start application
    • Checks whether UAC is enabled
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:2176
    • C:\Users\Admin\AppData\Local\Temp\ybpqekp.exe
      "C:\Users\Admin\AppData\Local\Temp\ybpqekp.exe" "-"
      2⤵
      • Modifies WinLogon for persistence
      • UAC bypass
      • Adds policy Run key to start application
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Adds Run key to start application
      • Checks whether UAC is enabled
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • System policy modification
      PID:2056
    • C:\Users\Admin\AppData\Local\Temp\ybpqekp.exe
      "C:\Users\Admin\AppData\Local\Temp\ybpqekp.exe" "-"
      2⤵
      • Modifies WinLogon for persistence
      • UAC bypass
      • Adds policy Run key to start application
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Adds Run key to start application
      • Checks whether UAC is enabled
      • System policy modification
      PID:2180

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\bxeyfeccczstjmbhehbxey.ecc
    Filesize

    280B

    MD5

    ade4ad63a57d8d78ec399ee30d7d088f

    SHA1

    47d0487c18fa639020393ee4c7fd4fc44245ed81

    SHA256

    048bed3b7fcabd96504f30f7caa6f9295ac75b4fa428359807255f8d2a9e8dfd

    SHA512

    790e53db5f0161f2ac4a5f71f3bb7590d1abdd179ddb4f742ed21bd52a8674e4d81b9f50fd71c165bbf18c6e2a7d2d47e4dbecd13d92d38679978953e052d728

    Download Submit

  • C:\Program Files (x86)\bxeyfeccczstjmbhehbxey.ecc
    Filesize

    280B

    MD5

    787b375eca98529542c119fb1e72182b

    SHA1

    8157f33f4868f7e250389fd81d5b36f7ca948d9c

    SHA256

    3323bcdaa6cad71e93d0dfca205bba04e35ab166b091d6e3c7b139e9b50a0a8b

    SHA512

    ca939461655874eb95033609fd7aca69e54a70813f28da4b77d0af576404dd7d9b83dc31ee36937d0dc3f4892f470a4b56c2b7a5634f1a9681cec8b02a3d9620

    Download Submit

  • C:\Program Files (x86)\bxeyfeccczstjmbhehbxey.ecc
    Filesize

    280B

    MD5

    e53b7dbc267403783fcbc3f4f81d4e8a

    SHA1

    c7bfa3d17e751b3639db56f8ec6f4d39b9d4f0f4

    SHA256

    7bf7f6f0509ce75587f9d751ae6c545da7dcebffaecd5c7381d7ab660f3146dd

    SHA512

    8bf82dca5a47990f9b40bef4ed8ef6c74b03b0adc7ba9bfbaf1ff4ca2fe653af2cf1a333348ac3ef938d2714616d4d2b8620f3bc46f70ede67fc0b05497ee2f7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ybpqekp.exe
    Filesize

    7.7MB

    MD5

    d5d8829bfcd9f56c9387386f72e2864e

    SHA1

    145dd1c5b1547950999f57650751bc32aa09f6c0

    SHA256

    bdcd82a5ccb5f5c9a6248ebba463427a3778adeda441fc1ac964582804228478

    SHA512

    07529b9dffbf1bb1c56694031ef27ac3e8b56b66ea01c065e774c04b0a634953c639997b29d41fc8e8227d3301c99a67a5a5f8b4d01c83c75dfdc120140bc9d9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ybpqekp.exe
    Filesize

    7.7MB

    MD5

    d5d8829bfcd9f56c9387386f72e2864e

    SHA1

    145dd1c5b1547950999f57650751bc32aa09f6c0

    SHA256

    bdcd82a5ccb5f5c9a6248ebba463427a3778adeda441fc1ac964582804228478

    SHA512

    07529b9dffbf1bb1c56694031ef27ac3e8b56b66ea01c065e774c04b0a634953c639997b29d41fc8e8227d3301c99a67a5a5f8b4d01c83c75dfdc120140bc9d9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ybpqekp.exe
    Filesize

    7.7MB

    MD5

    d5d8829bfcd9f56c9387386f72e2864e

    SHA1

    145dd1c5b1547950999f57650751bc32aa09f6c0

    SHA256

    bdcd82a5ccb5f5c9a6248ebba463427a3778adeda441fc1ac964582804228478

    SHA512

    07529b9dffbf1bb1c56694031ef27ac3e8b56b66ea01c065e774c04b0a634953c639997b29d41fc8e8227d3301c99a67a5a5f8b4d01c83c75dfdc120140bc9d9

    Download Submit

  • C:\Users\Admin\AppData\Local\bxeyfeccczstjmbhehbxey.ecc
    Filesize

    280B

    MD5

    1366557583328e0f7844f64a2c77d8d0

    SHA1

    a4d42d89ba33d11b8fb075e4e4f31c4a7cbf7e8c

    SHA256

    98fe8acc04390ad6e4ab2240295156aa714b9c27aabd25f7fbc315d29ae9b978

    SHA512

    7ce61deb4f823eea65d7bafb54be3f1f61fac43c7cce9f0ed478ed8ad0a56f16cb4eefe61e789c55ad25da5be8e7b2d10912b1e973feacac0a6841e4da5212ef

    Download Submit

  • C:\Users\Admin\AppData\Local\bxeyfeccczstjmbhehbxey.ecc
    Filesize

    280B

    MD5

    767e497494cd461d895b9dd785efaab1

    SHA1

    ad2bdc8d8ad787c88a1c3ac6ada3bbe83fda9eb7

    SHA256

    066b9b79e6e4c4254759f400111c838394c14895fe2189a270a55eb57273c864

    SHA512

    f217af86800ef6e770566367c8ea64499666aff3c6a5f958b2c01bb0d4d4e8e89520a48bef7e38f48c8ef855cd215200b4ec25104b643b7d783f36843a75d550

    Download Submit

  • C:\Users\Admin\AppData\Local\bxeyfeccczstjmbhehbxey.ecc
    Filesize

    280B

    MD5

    d18d1549cec855ea8e99fa8974b18df5

    SHA1

    196adf8e86bedf3f5b69aed409fd0b990349c474

    SHA256

    2c3c0c6af8e2efb15f6877d3d3cacf51b0a758d2fd65a9ec76c3bc356b2c89d5

    SHA512

    6d55677ebd348f1268bfdad53f423fb6ff884fbd669953b7fdeaf0bea3c71dffbe8aa7b4223eb066a57b34b6cc3485bc978ae3d793ed900800e8f6fa825a4663

    Download Submit

  • C:\Users\Admin\AppData\Local\bxeyfeccczstjmbhehbxey.ecc
    Filesize

    280B

    MD5

    f6134d2ca1f4bb03273533564ad8c848

    SHA1

    0453faa8a6b49a4566eb39347ad0b0e5b1292507

    SHA256

    09e188dc475d28ec4d308178f787820e00c6bbae64fd79ae987f4060afe01e99

    SHA512

    95acf08490d202c97a4b105e21131c0c723ab4190b2e6cf9de95aea433107324a075dc4ba395a8d3bd380eb8abc896ad56f0ee8525aa70b64f8d3c54e04356db

    Download Submit

  • C:\Users\Admin\AppData\Local\bxeyfeccczstjmbhehbxey.ecc
    Filesize

    280B

    MD5

    f7bd84fb81e305bfef077dd46615842e

    SHA1

    4726de0543d45cab9fda674128c612f5a18c617c

    SHA256

    6b930f7db1f4cb71a85261c44d06e58e30fae815a9b886044e2a00019b69cc0c

    SHA512

    e293c9fef4b3f8a0e7b9bf4248d21f655498c9933385022416e5b9aa05fd0c1a82bb2de45dbce7551d9a0aea766e53888b829081239b51e2c40be711d358837d

    Download Submit

  • C:\Users\Admin\AppData\Local\szrwoyhsdlpbcqqhpdiphmeoxitbfrsgg.fty
    Filesize

    4KB

    MD5

    89fc2d42fff653f154d8f05796a6449d

    SHA1

    31a9e27ccbefda65a6673893b9b2bfd9fed5a6d3

    SHA256

    0161451cfb27d96dfa8994a18ef7cdb1d11dccf870e08b33af8a8706389c8315

    SHA512

    34ba60d7c4f368e89b66d14b978e6230f7bbcb4ea43e6fd4c87e68263be0f8a1de9e784f58db881aea8070fc4679a8bd6bed752a00187c72d778786ae81471ab

    Download Submit

  • \Users\Admin\AppData\Local\Temp\ybpqekp.exe
    Filesize

    7.7MB

    MD5

    d5d8829bfcd9f56c9387386f72e2864e

    SHA1

    145dd1c5b1547950999f57650751bc32aa09f6c0

    SHA256

    bdcd82a5ccb5f5c9a6248ebba463427a3778adeda441fc1ac964582804228478

    SHA512

    07529b9dffbf1bb1c56694031ef27ac3e8b56b66ea01c065e774c04b0a634953c639997b29d41fc8e8227d3301c99a67a5a5f8b4d01c83c75dfdc120140bc9d9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\ybpqekp.exe
    Filesize

    7.7MB

    MD5

    d5d8829bfcd9f56c9387386f72e2864e

    SHA1

    145dd1c5b1547950999f57650751bc32aa09f6c0

    SHA256

    bdcd82a5ccb5f5c9a6248ebba463427a3778adeda441fc1ac964582804228478

    SHA512

    07529b9dffbf1bb1c56694031ef27ac3e8b56b66ea01c065e774c04b0a634953c639997b29d41fc8e8227d3301c99a67a5a5f8b4d01c83c75dfdc120140bc9d9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\ybpqekp.exe
    Filesize

    7.7MB

    MD5

    d5d8829bfcd9f56c9387386f72e2864e

    SHA1

    145dd1c5b1547950999f57650751bc32aa09f6c0

    SHA256

    bdcd82a5ccb5f5c9a6248ebba463427a3778adeda441fc1ac964582804228478

    SHA512

    07529b9dffbf1bb1c56694031ef27ac3e8b56b66ea01c065e774c04b0a634953c639997b29d41fc8e8227d3301c99a67a5a5f8b4d01c83c75dfdc120140bc9d9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\ybpqekp.exe
    Filesize

    7.7MB

    MD5

    d5d8829bfcd9f56c9387386f72e2864e

    SHA1

    145dd1c5b1547950999f57650751bc32aa09f6c0

    SHA256

    bdcd82a5ccb5f5c9a6248ebba463427a3778adeda441fc1ac964582804228478

    SHA512

    07529b9dffbf1bb1c56694031ef27ac3e8b56b66ea01c065e774c04b0a634953c639997b29d41fc8e8227d3301c99a67a5a5f8b4d01c83c75dfdc120140bc9d9

    Download Submit