Overview

overview

10

Static

static

10

1.exe

windows7-x64

1

400.exe

windows7-x64

10

Chase_Bank...or.exe

windows7-x64

10

ChromeSoft.exe

windows7-x64

7

Fake Windo...er.exe

windows7-x64

4

Injector(v_5.24).exe

windows7-x64

8

RCE.exe

windows7-x64

10

TemD.exe

windows7-x64

10

best.exe

windows7-x64

10

btf.exe

windows7-x64

8

build.exe

windows7-x64

6

crypted.exe

windows7-x64

1

download.exe

windows7-x64

7

dp.exe

windows7-x64

7

etbnoc.exe

windows7-x64

1

fran.exe

windows7-x64

10

fud.exe

windows7-x64

1

gift_generator.exe

windows7-x64

7

lol.exe

windows7-x64

10

mt20200012.exe

windows7-x64

1

nopax.exe

windows7-x64

10

porn.jpg.exe

windows7-x64

1

putty.exe

windows7-x64

10

t.exe

windows7-x64

10

vnc.exe

windows7-x64

7

yk.exe

windows7-x64

10

zztop.exe

windows7-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    14-12-2023 01:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dp.exe

  • Size

    626KB

  • MD5

    e8d034a10d9f1328d70e0e6ff86af115

  • SHA1

    86773bf3028d4ce4c453810b7a8db87cac27cfc1

  • SHA256

    f88ff0acb3e08e51fa051bff9a176ddb952a99bf2989032e6000b7d7c0836c07

  • SHA512

    d267737a4eb59200bb6a7bea7fffb45be3ef564f38a2d65f27cd22b7e09abbd52463806b144f0b6fa49887821f1a1d27dd555776a910291b213d5f9c85be1f6c

  • SSDEEP

    6144:MjNiSxkJDc+HCvgLqdLZhUIb7ImU46zNsOJt3:56+DcOq5Zd3IN44b

Score
7/10

Malware Config

Signatures

  • Drops startup file 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dp.exe
    "C:\Users\Admin\AppData\Local\Temp\dp.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1600
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\dp.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\app.exe"
      2⤵
      • Drops startup file
      PID:2844
    • C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe" /c, "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\app.exe"
      2⤵
        PID:1052
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2320
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\app.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\app.exe"
        2⤵
        • Drops startup file
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of AdjustPrivilegeToken
        PID:2600

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\app.exe
      Filesize

      330KB

      MD5

      0a413aa348fee629a17b4ec090ff7711

      SHA1

      977711b1826db0c84e76c30b49064b5600574411

      SHA256

      1cf059a81cea76a70e1edbbf0d120b864b7a034eba05b5b7ef464b31ec15e67f

      SHA512

      e1f4d9f9cde5be6a6efc48c97e77d0208fbe04bac863d492f812e2bc782f9f7a7488e25680f69aa4054ac4c77099e49143d976208e54ba56ae739279291c4678

      Download Submit
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\app.exe
      Filesize

      176KB

      MD5

      147e26c4c177a07fe74b40a8fa20bc8e

      SHA1

      d4ca9beffd2b18e4dc23a98d717bc879538ff36c

      SHA256

      fac384816df7e7c5865bc5fd6dccdce5f033b2a0dd0ba75e8cd8709c936a5faf

      SHA512

      2964cfd20672f8d3c1125fe1fb606c0608ef9a86dc9a9c93ca7ed7eb447ea58d8094bfacae8082b6b720c92e9a12a022053433b498c79ffab49f5b49814582b2

      Download Submit
    • \Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\app.exe
      Filesize

      626KB

      MD5

      e8d034a10d9f1328d70e0e6ff86af115

      SHA1

      86773bf3028d4ce4c453810b7a8db87cac27cfc1

      SHA256

      f88ff0acb3e08e51fa051bff9a176ddb952a99bf2989032e6000b7d7c0836c07

      SHA512

      d267737a4eb59200bb6a7bea7fffb45be3ef564f38a2d65f27cd22b7e09abbd52463806b144f0b6fa49887821f1a1d27dd555776a910291b213d5f9c85be1f6c

      Download Submit
    • memory/1600-0-0x00000000001D0000-0x0000000000276000-memory.dmp
      Filesize

      664KB

      Download
    • memory/1600-1-0x00000000743D0000-0x0000000074ABE000-memory.dmp
      Filesize

      6.9MB

      Download
    • memory/1600-2-0x00000000073F0000-0x0000000007430000-memory.dmp
      Filesize

      256KB

      Download
    • memory/1600-3-0x00000000002E0000-0x00000000002F8000-memory.dmp
      Filesize

      96KB

      Download
    • memory/1600-6-0x00000000743D0000-0x0000000074ABE000-memory.dmp
      Filesize

      6.9MB

      Download
    • memory/2600-10-0x0000000074420000-0x0000000074B0E000-memory.dmp
      Filesize

      6.9MB

      Download
    • memory/2600-11-0x00000000041B0000-0x00000000041F0000-memory.dmp
      Filesize

      256KB

      Download
    • memory/2600-12-0x00000000003F0000-0x0000000000408000-memory.dmp
      Filesize

      96KB

      Download
    • memory/2600-9-0x0000000000A70000-0x0000000000B16000-memory.dmp
      Filesize

      664KB

      Download
    • memory/2600-15-0x00000000041B0000-0x00000000041F0000-memory.dmp
      Filesize

      256KB

      Download
    • memory/2600-16-0x0000000074420000-0x0000000074B0E000-memory.dmp
      Filesize

      6.9MB

      Download
    • memory/2600-17-0x00000000041B0000-0x00000000041F0000-memory.dmp
      Filesize

      256KB

      Download
    • memory/2600-18-0x00000000041B0000-0x00000000041F0000-memory.dmp
      Filesize

      256KB

      Download