nullmixer | 0bda273b4f8642af8821d39162b6628793e36215eafc6c70169e5346f2c836d2

Analysis

max time kernel
0s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2023 23:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

18c3494de64bc551b855afeb82d9be54.exe
Size

1.5MB
MD5

18c3494de64bc551b855afeb82d9be54
SHA1

707ee21b09c8e02f9dd5bea9bab5e87818f044e9
SHA256

0bda273b4f8642af8821d39162b6628793e36215eafc6c70169e5346f2c836d2
SHA512

e9c4b975e35488d653ee7eb3419d23ab8e57205e87934316abd11bb44efe07828dada603de393a9bc995df093247c60f9539b2436e456445861eb936adff7305
SSDEEP

24576:Eg5AsqZ9ihb4A3+g1IEQJHTmVf5RC5rPNo6QVLz9GlhLgKznDtC+TMjO3Tz4EGxE:Egad9il4pglYTmHRCnot5c7pya3P4EnT

Score

10^/10

nullmixer smokeloader pub6 backdoor dropper trojan

Malware Config

Extracted

Family

nullmixer

http://wxkeww.xyz/

Extracted

Family

smokeloader

Botnet

pub6

Extracted

Family

smokeloader

Version

2020

http://conceitosseg.com/upload/

http://integrasidata.com/upload/

http://ozentekstil.com/upload/

http://finbelportal.com/upload/

http://telanganadigital.com/upload/

rc4.i32

Signatures

NullMixer
NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.
dropper nullmixer
SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
9	ipinfo.io
10	ipinfo.io

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 9 IoCs

pid	pid_target	Process	procid_target
3608	1628	WerFault.exe
752	3328	WerFault.exe	30
1644	2052	WerFault.exe	111
4588	1224	WerFault.exe	119
2684	4896	WerFault.exe	124
5036	2716	WerFault.exe	130
2920	2064	WerFault.exe	134
3068	1652	WerFault.exe	142
3880	4584	WerFault.exe	146

C:\Users\Admin\AppData\Local\Temp\18c3494de64bc551b855afeb82d9be54.exe
"C:\Users\Admin\AppData\Local\Temp\18c3494de64bc551b855afeb82d9be54.exe"
1⤵
PID:4776
- C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
  "C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"
  2⤵
  PID:3540
- - C:\Users\Admin\AppData\Local\Temp\7zS4DD9D277\setup_install.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS4DD9D277\setup_install.exe"
    3⤵
    PID:1628

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c karotima_2.exe
1⤵
PID:4280
- C:\Users\Admin\AppData\Local\Temp\7zS4DD9D277\karotima_2.exe
  karotima_2.exe
  2⤵
  PID:3328
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 416
    3⤵
    - Program crash
    PID:752

C:\Users\Admin\AppData\Local\Temp\7zS4DD9D277\karotima_1.exe
karotima_1.exe
1⤵
PID:5056

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c karotima_1.exe
1⤵
PID:4348
- C:\ProgramData\Java Updater\go9oia1wkk7119.exe
  /prstb
  2⤵
  PID:3320
- - C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    3⤵
    PID:1224
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 1144
      4⤵
      Program crash
      PID:4588
- C:\ProgramData\Java Updater\go9oia1wkk7119.exe
  /prstb
  2⤵
  PID:2524
- - C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    3⤵
    PID:4896
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 1148
      4⤵
      Program crash
      PID:2684
- C:\ProgramData\Java Updater\go9oia1wkk7119.exe
  /prstb
  2⤵
  PID:2988
- - C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    3⤵
    PID:2716
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 1132
      4⤵
      Program crash
      PID:5036
- C:\ProgramData\Java Updater\go9oia1wkk7119.exe
  /prstb
  2⤵
  PID:2072
- - C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    3⤵
    PID:2064
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 1140
      4⤵
      Program crash
      PID:2920
- C:\ProgramData\Java Updater\go9oia1wkk7119.exe
  /prstb
  2⤵
  PID:720
- - C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    3⤵
    PID:1652
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 1164
      4⤵
      Program crash
      PID:3068
- C:\ProgramData\Java Updater\go9oia1wkk7119.exe
  /prstb
  2⤵
  PID:3288
- - C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    3⤵
    PID:4584
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 1080
      4⤵
      Program crash
      PID:3880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 200 -p 1628 -ip 1628
1⤵
PID:1244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 444
1⤵
- Program crash
PID:3608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3328 -ip 3328
1⤵
PID:4636

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:2052
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 1128
  2⤵
  - Program crash
  PID:1644

C:\Users\Admin\AppData\Local\Temp\A3A2.exe
C:\Users\Admin\AppData\Local\Temp\A3A2.exe
1⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\A902.exe
C:\Users\Admin\AppData\Local\Temp\A902.exe
1⤵
PID:4636
- C:\Users\Admin\AppData\Local\Temp\WindowsUpdater.exe
  "C:\Users\Admin\AppData\Local\Temp\WindowsUpdater.exe"
  2⤵
  PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2052 -ip 2052
1⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1224 -ip 1224
1⤵
PID:4928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 4896 -ip 4896
1⤵
PID:444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2716 -ip 2716
1⤵
PID:3316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 192 -p 2064 -ip 2064
1⤵
PID:444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1652 -ip 1652
1⤵
PID:208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4584 -ip 4584
1⤵
PID:3188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/720-242-0x0000000002160000-0x00000000021C6000-memory.dmp

Filesize
408KB

Download
memory/720-243-0x0000000002160000-0x00000000021C6000-memory.dmp

Filesize
408KB

Download
memory/1224-177-0x0000000000150000-0x0000000000583000-memory.dmp

Filesize
4.2MB

Download
memory/1224-178-0x0000000000800000-0x00000000008C4000-memory.dmp

Filesize
784KB

Download
memory/1224-166-0x0000000000150000-0x0000000000584000-memory.dmp

Filesize
4.2MB

Download
memory/1224-171-0x0000000000800000-0x00000000008C4000-memory.dmp

Filesize
784KB

Download
memory/1224-169-0x0000000000800000-0x00000000008C4000-memory.dmp

Filesize
784KB

Download
memory/1224-164-0x0000000000150000-0x0000000000584000-memory.dmp

Filesize
4.2MB

Download
memory/1224-168-0x0000000000800000-0x00000000008C4000-memory.dmp

Filesize
784KB

Download
memory/1628-57-0x000000006B280000-0x000000006B2A6000-memory.dmp

Filesize
152KB

Download
memory/1628-81-0x000000006B280000-0x000000006B2A6000-memory.dmp

Filesize
152KB

Download
memory/1628-59-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/1628-56-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/1628-55-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/1628-54-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/1628-52-0x000000006B440000-0x000000006B4CF000-memory.dmp

Filesize
572KB

Download
memory/1628-51-0x000000006B440000-0x000000006B4CF000-memory.dmp

Filesize
572KB

Download
memory/1628-50-0x0000000064940000-0x0000000064959000-memory.dmp

Filesize
100KB

Download
memory/1628-48-0x000000006B440000-0x000000006B4CF000-memory.dmp

Filesize
572KB

Download
memory/1628-45-0x000000006B440000-0x000000006B4CF000-memory.dmp

Filesize
572KB

Download
memory/1628-76-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/1628-82-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/1628-53-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/1628-80-0x000000006EB40000-0x000000006EB63000-memory.dmp

Filesize
140KB

Download
memory/1628-79-0x0000000064940000-0x0000000064959000-memory.dmp

Filesize
100KB

Download
memory/1628-78-0x000000006B440000-0x000000006B4CF000-memory.dmp

Filesize
572KB

Download
memory/1628-61-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/1628-34-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/1628-58-0x000000006B280000-0x000000006B2A6000-memory.dmp

Filesize
152KB

Download
memory/1628-46-0x000000006B280000-0x000000006B2A6000-memory.dmp

Filesize
152KB

Download
memory/1628-62-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/1628-63-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/1628-64-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/1628-60-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/1628-49-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/1652-251-0x0000000000890000-0x0000000000954000-memory.dmp

Filesize
784KB

Download
memory/1652-248-0x0000000000150000-0x0000000000584000-memory.dmp

Filesize
4.2MB

Download
memory/1652-250-0x0000000000890000-0x0000000000954000-memory.dmp

Filesize
784KB

Download
memory/2052-157-0x00000000012E0000-0x00000000013A4000-memory.dmp

Filesize
784KB

Download
memory/2052-156-0x0000000000150000-0x0000000000583000-memory.dmp

Filesize
4.2MB

Download
memory/2052-154-0x0000000004B70000-0x0000000004B72000-memory.dmp

Filesize
8KB

Download
memory/2052-105-0x0000000000150000-0x0000000000584000-memory.dmp

Filesize
4.2MB

Download
memory/2052-106-0x00000000012E0000-0x00000000013A4000-memory.dmp

Filesize
784KB

Download
memory/2052-109-0x00000000012E0000-0x00000000013A4000-memory.dmp

Filesize
784KB

Download
memory/2052-107-0x00000000012E0000-0x00000000013A4000-memory.dmp

Filesize
784KB

Download
memory/2052-103-0x0000000000150000-0x0000000000584000-memory.dmp

Filesize
4.2MB

Download
memory/2052-110-0x0000000003310000-0x0000000003311000-memory.dmp

Filesize
4KB

Download
memory/2052-145-0x00000000012E0000-0x00000000013A4000-memory.dmp

Filesize
784KB

Download
memory/2064-231-0x0000000000800000-0x00000000008C4000-memory.dmp

Filesize
784KB

Download
memory/2064-237-0x0000000000800000-0x00000000008C4000-memory.dmp

Filesize
784KB

Download
memory/2064-227-0x0000000000150000-0x0000000000584000-memory.dmp

Filesize
4.2MB

Download
memory/2064-229-0x0000000000800000-0x00000000008C4000-memory.dmp

Filesize
784KB

Download
memory/2072-220-0x0000000000990000-0x00000000009F6000-memory.dmp

Filesize
408KB

Download
memory/2072-234-0x0000000000990000-0x00000000009F6000-memory.dmp

Filesize
408KB

Download
memory/2072-223-0x0000000000990000-0x00000000009F6000-memory.dmp

Filesize
408KB

Download
memory/2524-182-0x00000000008D0000-0x0000000000936000-memory.dmp

Filesize
408KB

Download
memory/2524-194-0x00000000008D0000-0x0000000000936000-memory.dmp

Filesize
408KB

Download
memory/2524-181-0x00000000008D0000-0x0000000000936000-memory.dmp

Filesize
408KB

Download
memory/2524-184-0x00000000008D0000-0x0000000000936000-memory.dmp

Filesize
408KB

Download
memory/2716-217-0x0000000000910000-0x00000000009D4000-memory.dmp

Filesize
784KB

Download
memory/2716-211-0x0000000000910000-0x00000000009D4000-memory.dmp

Filesize
784KB

Download
memory/2716-209-0x0000000000150000-0x0000000000584000-memory.dmp

Filesize
4.2MB

Download
memory/2716-210-0x0000000000910000-0x00000000009D4000-memory.dmp

Filesize
784KB

Download
memory/2988-214-0x0000000002180000-0x00000000021E6000-memory.dmp

Filesize
408KB

Download
memory/2988-203-0x0000000002180000-0x00000000021E6000-memory.dmp

Filesize
408KB

Download
memory/2988-200-0x0000000002180000-0x00000000021E6000-memory.dmp

Filesize
408KB

Download
memory/3320-172-0x0000000000010000-0x000000000006D000-memory.dmp

Filesize
372KB

Download
memory/3320-174-0x0000000002160000-0x00000000021C6000-memory.dmp

Filesize
408KB

Download
memory/3320-163-0x0000000002160000-0x00000000021C6000-memory.dmp

Filesize
408KB

Download
memory/3320-161-0x0000000002160000-0x00000000021C6000-memory.dmp

Filesize
408KB

Download
memory/3320-160-0x0000000002160000-0x00000000021C6000-memory.dmp

Filesize
408KB

Download
memory/3328-77-0x0000000000400000-0x000000000089E000-memory.dmp

Filesize
4.6MB

Download
memory/3328-70-0x0000000000A80000-0x0000000000B80000-memory.dmp

Filesize
1024KB

Download
memory/3328-86-0x0000000000400000-0x000000000089E000-memory.dmp

Filesize
4.6MB

Download
memory/3328-72-0x0000000000920000-0x0000000000929000-memory.dmp

Filesize
36KB

Download
memory/3524-83-0x0000000002420000-0x0000000002435000-memory.dmp

Filesize
84KB

Download
memory/4348-141-0x0000000000F30000-0x0000000000FF4000-memory.dmp

Filesize
784KB

Download
memory/4348-146-0x0000000000F30000-0x0000000000FF4000-memory.dmp

Filesize
784KB

Download
memory/4348-147-0x00000000028E0000-0x00000000028E1000-memory.dmp

Filesize
4KB

Download
memory/4348-140-0x0000000077313000-0x0000000077314000-memory.dmp

Filesize
4KB

Download
memory/4348-139-0x0000000000F30000-0x0000000000FF4000-memory.dmp

Filesize
784KB

Download
memory/4348-167-0x0000000000F30000-0x0000000000FF4000-memory.dmp

Filesize
784KB

Download
memory/4348-137-0x0000000000F30000-0x0000000000FF4000-memory.dmp

Filesize
784KB

Download
memory/4348-142-0x0000000000F30000-0x0000000000FF4000-memory.dmp

Filesize
784KB

Download
memory/4636-118-0x0000000000D00000-0x0000000001296000-memory.dmp

Filesize
5.6MB

Download
memory/4636-125-0x0000000000D00000-0x0000000001296000-memory.dmp

Filesize
5.6MB

Download
memory/4896-185-0x0000000000150000-0x0000000000584000-memory.dmp

Filesize
4.2MB

Download
memory/4896-189-0x0000000001000000-0x00000000010C4000-memory.dmp

Filesize
784KB

Download
memory/4896-197-0x0000000001000000-0x00000000010C4000-memory.dmp

Filesize
784KB

Download
memory/4896-191-0x0000000001000000-0x00000000010C4000-memory.dmp

Filesize
784KB

Download
memory/4896-187-0x0000000000150000-0x0000000000584000-memory.dmp

Filesize
4.2MB

Download
memory/5012-98-0x00000000021E0000-0x0000000002246000-memory.dmp

Filesize
408KB

Download
memory/5012-100-0x0000000000720000-0x0000000000721000-memory.dmp

Filesize
4KB

Download
memory/5012-97-0x0000000077344000-0x0000000077345000-memory.dmp

Filesize
4KB

Download
memory/5012-102-0x00000000021E0000-0x0000000002246000-memory.dmp

Filesize
408KB

Download
memory/5012-112-0x00000000021E0000-0x0000000002246000-memory.dmp

Filesize
408KB

Download
memory/5012-93-0x0000000000010000-0x000000000006D000-memory.dmp

Filesize
372KB

Download
memory/5012-95-0x00000000021E0000-0x0000000002246000-memory.dmp

Filesize
408KB

Download
memory/5012-96-0x00000000005D0000-0x00000000005DD000-memory.dmp

Filesize
52KB

Download
memory/5012-101-0x0000000002700000-0x000000000270C000-memory.dmp

Filesize
48KB

Download
memory/5056-138-0x0000000002CD0000-0x0000000002D94000-memory.dmp

Filesize
784KB

Download
memory/5056-152-0x0000000002CD0000-0x0000000002D94000-memory.dmp

Filesize
784KB

Download
memory/5056-153-0x0000000002120000-0x0000000002121000-memory.dmp

Filesize
4KB

Download
memory/5056-148-0x0000000002CD0000-0x0000000002D94000-memory.dmp

Filesize
784KB

Download
memory/5056-151-0x0000000002CD0000-0x0000000002D94000-memory.dmp

Filesize
784KB

Download
memory/5056-149-0x0000000002CD0000-0x0000000002D94000-memory.dmp

Filesize
784KB

Download
memory/5056-144-0x0000000002CD0000-0x0000000002D94000-memory.dmp

Filesize
784KB

Download
memory/5056-175-0x0000000002CD0000-0x0000000002D94000-memory.dmp

Filesize
784KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads