Overview

overview

7

Static

static

3

c256204deb...45.exe

windows7-x64

7

c256204deb...45.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    21/11/2023, 03:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c256204deb01c77e21ba17b5e2411245.exe

  • Size

    1.5MB

  • MD5

    c256204deb01c77e21ba17b5e2411245

  • SHA1

    95ae7fb9f6710368e44a3c4e839d3d7bebbd4d5e

  • SHA256

    f594822a45b8561a9b7a2e2ecf17558a692b1a193cf231617ba1b222723ca3ab

  • SHA512

    f3e1f38c059ce56801382c6de631d7b90077fa77a2eb997906d2f6eef8dafe38ab041f023a11b27da41b87edb16484fb095e1053e4b01204412f3a586cd34c52

  • SSDEEP

    24576:2TbBv5rUyXVZJQCx441vcF3iE0npCoc1cQhWdB7in6D+6:IBJLQCvvcF3KpSu

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c256204deb01c77e21ba17b5e2411245.exe
    "C:\Users\Admin\AppData\Local\Temp\c256204deb01c77e21ba17b5e2411245.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\reviewruntimeMonitor\oYwPDBVe3AuHG3t6JLon5FNZVJrzPzwK1qz3t5qd93gftXcSil5zO.vbe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2568
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\reviewruntimeMonitor\XfrEwTdqjpljDpai91jT4EKzapK.bat" "
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2040
        • C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
          "C:\reviewruntimeMonitor/BlockrefBrokerperf.exe"
          4⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2788
          • C:\Windows\System32\cmd.exe
            "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\SucyYlPBTO.bat"
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:1896
            • C:\Windows\system32\chcp.com
              chcp 65001
              6⤵
                PID:768
              • C:\Windows\system32\PING.EXE
                ping -n 10 localhost
                6⤵
                • Runs ping.exe
                PID:832
              • C:\reviewruntimeMonitor\explorer.exe
                "C:\reviewruntimeMonitor\explorer.exe"
                6⤵
                • Executes dropped EXE
                • Suspicious use of AdjustPrivilegeToken
                PID:3028

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\SucyYlPBTO.bat
      Filesize

      164B

      MD5

      e30fdd238420fd5103e428661fd526f8

      SHA1

      920a7a636fcc67f01cbe404df839505f8bd83c31

      SHA256

      aba005f3a4e80938c813e9bb3956f5f54d826f12921c2bb3ef8b55ddbccf093a

      SHA512

      41d1a94e118d015487c7348543332752b96e8a155c30bfeffd8eeabe600cc13139e9647507d551938c65954a5565ad46115a1a01dbb50b12cc00757384c751a0

      Download Submit

    • C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
      Filesize

      1.2MB

      MD5

      295bf8d9b734730efa567c8da9918fe1

      SHA1

      09aabc018da124bd0ebe8e1043860015ac71aa34

      SHA256

      7b17102103af932a56eac5ea51f07a7926be23585d19b1cfe42215ce1a4fa3cc

      SHA512

      c816f7f53f5fb24eb7dcf31b8138e6717c881245d7cc2fbd53f5dc99977f8d1cef4d1afe8235b5ef0ee4397ce32a1a74720349b21d805a7f6ceac8bbc802a59c

      Download Submit

    • C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
      Filesize

      1.2MB

      MD5

      295bf8d9b734730efa567c8da9918fe1

      SHA1

      09aabc018da124bd0ebe8e1043860015ac71aa34

      SHA256

      7b17102103af932a56eac5ea51f07a7926be23585d19b1cfe42215ce1a4fa3cc

      SHA512

      c816f7f53f5fb24eb7dcf31b8138e6717c881245d7cc2fbd53f5dc99977f8d1cef4d1afe8235b5ef0ee4397ce32a1a74720349b21d805a7f6ceac8bbc802a59c

      Download Submit

    • C:\reviewruntimeMonitor\XfrEwTdqjpljDpai91jT4EKzapK.bat
      Filesize

      90B

      MD5

      027418c1f52c54c2519a267460bf1214

      SHA1

      f8e2f6af10f7e8bf8a94daf8ea953e18637c52d6

      SHA256

      9b0becac125e51675754b4363a01cf1619854897aa2b72fce6ecd4bae074b286

      SHA512

      93baf1b964bf3219b45a08ff52eed669389e634b67e39fe8ac3eb913d86824074192794790802e2acba2b1e9119da4520a123584d43b9bea780bb5060711bf49

      Download Submit

    • C:\reviewruntimeMonitor\explorer.exe
      Filesize

      1.2MB

      MD5

      295bf8d9b734730efa567c8da9918fe1

      SHA1

      09aabc018da124bd0ebe8e1043860015ac71aa34

      SHA256

      7b17102103af932a56eac5ea51f07a7926be23585d19b1cfe42215ce1a4fa3cc

      SHA512

      c816f7f53f5fb24eb7dcf31b8138e6717c881245d7cc2fbd53f5dc99977f8d1cef4d1afe8235b5ef0ee4397ce32a1a74720349b21d805a7f6ceac8bbc802a59c

      Download Submit

    • C:\reviewruntimeMonitor\explorer.exe
      Filesize

      1.2MB

      MD5

      295bf8d9b734730efa567c8da9918fe1

      SHA1

      09aabc018da124bd0ebe8e1043860015ac71aa34

      SHA256

      7b17102103af932a56eac5ea51f07a7926be23585d19b1cfe42215ce1a4fa3cc

      SHA512

      c816f7f53f5fb24eb7dcf31b8138e6717c881245d7cc2fbd53f5dc99977f8d1cef4d1afe8235b5ef0ee4397ce32a1a74720349b21d805a7f6ceac8bbc802a59c

      Download Submit

    • C:\reviewruntimeMonitor\explorer.exe
      Filesize

      1.2MB

      MD5

      295bf8d9b734730efa567c8da9918fe1

      SHA1

      09aabc018da124bd0ebe8e1043860015ac71aa34

      SHA256

      7b17102103af932a56eac5ea51f07a7926be23585d19b1cfe42215ce1a4fa3cc

      SHA512

      c816f7f53f5fb24eb7dcf31b8138e6717c881245d7cc2fbd53f5dc99977f8d1cef4d1afe8235b5ef0ee4397ce32a1a74720349b21d805a7f6ceac8bbc802a59c

      Download Submit

    • C:\reviewruntimeMonitor\oYwPDBVe3AuHG3t6JLon5FNZVJrzPzwK1qz3t5qd93gftXcSil5zO.vbe
      Filesize

      226B

      MD5

      7d4bd2b9160e289aa7b92b5f13e5000f

      SHA1

      ff50208f3523239764f6397b1d19909f4e0c45a8

      SHA256

      ba473c76f44d3537addd866eb8b5e59cf3bac1776fba6e0131b69e914eb706c4

      SHA512

      a5cc9e9c40208e2243bbf35990fa143f02ee62b6ae7eb65d5a89d8994e60378acd497e71e76ae18709214871b91cefde18b38e7377be2aa750e053b8b69ec1c5

      Download Submit

    • \reviewruntimeMonitor\BlockrefBrokerperf.exe
      Filesize

      1.2MB

      MD5

      295bf8d9b734730efa567c8da9918fe1

      SHA1

      09aabc018da124bd0ebe8e1043860015ac71aa34

      SHA256

      7b17102103af932a56eac5ea51f07a7926be23585d19b1cfe42215ce1a4fa3cc

      SHA512

      c816f7f53f5fb24eb7dcf31b8138e6717c881245d7cc2fbd53f5dc99977f8d1cef4d1afe8235b5ef0ee4397ce32a1a74720349b21d805a7f6ceac8bbc802a59c

      Download Submit

    • \reviewruntimeMonitor\BlockrefBrokerperf.exe
      Filesize

      1.2MB

      MD5

      295bf8d9b734730efa567c8da9918fe1

      SHA1

      09aabc018da124bd0ebe8e1043860015ac71aa34

      SHA256

      7b17102103af932a56eac5ea51f07a7926be23585d19b1cfe42215ce1a4fa3cc

      SHA512

      c816f7f53f5fb24eb7dcf31b8138e6717c881245d7cc2fbd53f5dc99977f8d1cef4d1afe8235b5ef0ee4397ce32a1a74720349b21d805a7f6ceac8bbc802a59c

      Download Submit

    • memory/2788-42-0x0000000076CA0000-0x0000000076CA1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2788-52-0x0000000000600000-0x0000000000618000-memory.dmp

      Filesize

      96KB

      Download

    • memory/2788-18-0x0000000000260000-0x000000000026E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/2788-20-0x0000000000290000-0x00000000002AC000-memory.dmp

      Filesize

      112KB

      Download

    • memory/2788-23-0x00000000002B0000-0x00000000002C8000-memory.dmp

      Filesize

      96KB

      Download

    • memory/2788-21-0x0000000076D00000-0x0000000076D01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2788-24-0x0000000076CF0000-0x0000000076CF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2788-26-0x0000000000270000-0x0000000000280000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2788-29-0x0000000076CE0000-0x0000000076CE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2788-28-0x0000000000280000-0x000000000028E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/2788-30-0x000000001B250000-0x000000001B2D0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2788-32-0x00000000005A0000-0x00000000005B6000-memory.dmp

      Filesize

      88KB

      Download

    • memory/2788-33-0x0000000076CD0000-0x0000000076CD1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2788-35-0x00000000005C0000-0x00000000005D2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2788-37-0x00000000002D0000-0x00000000002DE000-memory.dmp

      Filesize

      56KB

      Download

    • memory/2788-38-0x0000000076CB0000-0x0000000076CB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2788-40-0x00000000002F0000-0x0000000000300000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2788-41-0x000007FEF55F0000-0x000007FEF5FDC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2788-15-0x000000001B250000-0x000000001B2D0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2788-43-0x000000001B250000-0x000000001B2D0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2788-44-0x0000000076C90000-0x0000000076C91000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2788-46-0x0000000000300000-0x0000000000310000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2788-49-0x0000000000310000-0x000000000031E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/2788-47-0x0000000076C80000-0x0000000076C81000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2788-50-0x0000000076C70000-0x0000000076C71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2788-16-0x0000000076D20000-0x0000000076D21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2788-54-0x00000000005E0000-0x00000000005EC000-memory.dmp

      Filesize

      48KB

      Download

    • memory/2788-55-0x0000000076C60000-0x0000000076C61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2788-71-0x000007FEF55F0000-0x000007FEF5FDC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2788-14-0x000007FEF55F0000-0x000007FEF5FDC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2788-13-0x0000000000CE0000-0x0000000000E24000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/3028-88-0x0000000076CD0000-0x0000000076CD1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3028-93-0x000007FEF4C00000-0x000007FEF55EC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/3028-76-0x000000001AFA0000-0x000000001B020000-memory.dmp

      Filesize

      512KB

      Download

    • memory/3028-77-0x0000000076D20000-0x0000000076D21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3028-80-0x0000000076D00000-0x0000000076D01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3028-83-0x0000000076CF0000-0x0000000076CF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3028-84-0x0000000076CE0000-0x0000000076CE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3028-86-0x000000001AFA0000-0x000000001B020000-memory.dmp

      Filesize

      512KB

      Download

    • memory/3028-75-0x000007FEF4C00000-0x000007FEF55EC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/3028-74-0x0000000000DA0000-0x0000000000EE4000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/3028-90-0x0000000076CC0000-0x0000000076CC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3028-94-0x0000000076CA0000-0x0000000076CA1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3028-96-0x000000001AFA0000-0x000000001B020000-memory.dmp

      Filesize

      512KB

      Download

    • memory/3028-97-0x0000000076C90000-0x0000000076C91000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3028-101-0x0000000076C60000-0x0000000076C61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3028-102-0x0000000076C80000-0x0000000076C81000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3028-103-0x0000000076C70000-0x0000000076C71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3028-104-0x000000001AFA0000-0x000000001B020000-memory.dmp

      Filesize

      512KB

      Download