Analysis

  • max time kernel
    21s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/12/2023, 03:57

General

  • Target

    c125695b799ca0a4f302fcb6f2281a75cadff6ff1f8e3925f82a870f42fb3764.exe

  • Size

    110KB

  • MD5

    4f5d942e216097d2a0ef4e94a0f8b07b

  • SHA1

    b2a27bdc7b8502e98c134b3ce3afd35718777d2f

  • SHA256

    c125695b799ca0a4f302fcb6f2281a75cadff6ff1f8e3925f82a870f42fb3764

  • SHA512

    e69450175d2b8e72de5f4153259468c860a0a8e1fc79d653a1dd5f4cfafa042876f9a507da3ce57cb88429db51ee9a1ce8c97ad5e414e3df4c7603c3537a4f1a

  • SSDEEP

    1536:pxzBSRq0RLOFbufM/Kjz3xGNqj8t97WHS5:QsLVCpGNqotVWHS5

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c125695b799ca0a4f302fcb6f2281a75cadff6ff1f8e3925f82a870f42fb3764.exe
    "C:\Users\Admin\AppData\Local\Temp\c125695b799ca0a4f302fcb6f2281a75cadff6ff1f8e3925f82a870f42fb3764.exe"
    PID: 1416
    • Suspicious use of WriteProcessMemory
    • C:\LANjgx.exe
      C:\LANjgx.exe
      PID: 836
      • Executes dropped EXE
      • C:\Windows\SysWOW64\explorer.exe
        "C:\Windows\System32\explorer.exe" C:\XjPUgs.exe
        PID: 4824
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
    PID: 1696

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\LANjgx.exe

    Filesize

    1KB

    MD5

    75ae5881683cda5fc136e3148f7766fe

    SHA1

    256db7a370fb75f064186415c6dc31f7b97ff868

    SHA256

    c0b1ff29cefd8e1d704dd30e443175e9ec81eed03a2e7573a8b1fbf2a8a686a3

    SHA512

    0a01dda1be938c9ff409be46b3f90c3c6b1eafc213b8ffd02676a06338c5a0f86cb8738c7ea83f90df27eee8b109d17511725d8d6d7303ab178f5b28e2076777

  • C:\LANjgx.exe

    Filesize

    23KB

    MD5

    670d735596aff264163e01ac80a09753

    SHA1

    57f43e292acce52e17c30a3dcb60df80aa7578cc

    SHA256

    9c2b959b98a7b873832ff7d48855f44e9e14698dad3dd4b5792733aac6d1e079

    SHA512

    f777e731a5d65f8e5fe0225a77afdc15ba5327cc96bdd2befb503929d942d616256262c0644bdb7b202310261717889dfc3deb422a977cd30a8ae5251e2e2316