Overview

overview

7

Static

static

3

07e9e9fef2...43.exe

windows7-x64

3

07e9e9fef2...43.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/12/2023, 17:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    07e9e9fef2f3586816a1c36b41a83243.exe

  • Size

    91KB

  • MD5

    07e9e9fef2f3586816a1c36b41a83243

  • SHA1

    22eadac2df2d1eaf72cd8aca685c91a473da9d01

  • SHA256

    45c6a0ea5ef3305bf7413820b986b5094ec51de35159379cfc19d414d6c173d3

  • SHA512

    5bfa71a5389a978a9f377fa96bd5524b7402183770b6ef57007cad731d2d7f1244cbcf63c72af2a9946976b25080161d451c0ab3a9d5a18e43d23c311f25458f

  • SSDEEP

    1536:qMWZCTSGUlXzVSK9b6XElKUZinZXO6hrPcMxTeiP21mCX8BLT3W:z4CTS/VQUwUcnZXO6hA8P3Q8BLq

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Program Files directory 28 IoCs
  • Modifies registry class 52 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\07e9e9fef2f3586816a1c36b41a83243.exe
    "C:\Users\Admin\AppData\Local\Temp\07e9e9fef2f3586816a1c36b41a83243.exe"
    1⤵
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2652
    • C:\Windows\SysWOW64\urdvxc.exe
      C:\Windows\system32\urdvxc.exe /installservice
      2⤵
      • Executes dropped EXE
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:4260
    • C:\Windows\SysWOW64\urdvxc.exe
      C:\Windows\system32\urdvxc.exe /start
      2⤵
      • Executes dropped EXE
      • Modifies registry class
      PID:3840
    • C:\Windows\SysWOW64\urdvxc.exe
      C:\Windows\system32\urdvxc.exe /uninstallservice patch:C:\Users\Admin\AppData\Local\Temp\07e9e9fef2f3586816a1c36b41a83243.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Modifies registry class
      PID:332
  • C:\Windows\SysWOW64\urdvxc.exe
    "C:\Windows\SysWOW64\urdvxc.exe" /service
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies registry class
    PID:3380
  • C:\Windows\SysWOW64\urdvxc.exe
    "C:\Windows\SysWOW64\urdvxc.exe" /service
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies registry class
    PID:2904

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\SysWOW64\urdvxc.exe
          Filesize

          82KB

          MD5

          c189283366f874774453d75a2d48a125

          SHA1

          1ce0fc3cbdb92ce4c21fdc54750ae98b9417859b

          SHA256

          c0699dfd36211ee7f045d6ad3cc8eb6b6296a96d87964a5a8e71c78ddd640457

          SHA512

          c41d8ae0b3948a0842c7500b47a592ed36e9fb86b58a486d353fd6953d42056be9f29c9e03287561e67f8efda45ee34836154fdabf5b48e9c808e41736c8cf8c

          Download Submit

        • C:\Windows\SysWOW64\urdvxc.exe
          Filesize

          75KB

          MD5

          6baf6fd695a10085bb4925260b0f8959

          SHA1

          5404fd0e414e6cdd3def294763896a251d57360d

          SHA256

          43b2540dcdde439814e4a3af093cf83fbbc464743e1fc21776b02bb5f76483f4

          SHA512

          8132bf05e65ce84205d4eab41ce4a69c4525651202f53fa4c634f527de6cee3346a3737648f83af4241804b409add8415a0ec0e8055592909aebecb077f2ac23

          Download Submit

        • C:\Windows\SysWOW64\urdvxc.exe
          Filesize

          91KB

          MD5

          07e9e9fef2f3586816a1c36b41a83243

          SHA1

          22eadac2df2d1eaf72cd8aca685c91a473da9d01

          SHA256

          45c6a0ea5ef3305bf7413820b986b5094ec51de35159379cfc19d414d6c173d3

          SHA512

          5bfa71a5389a978a9f377fa96bd5524b7402183770b6ef57007cad731d2d7f1244cbcf63c72af2a9946976b25080161d451c0ab3a9d5a18e43d23c311f25458f

          Download Submit

        • memory/332-36-0x00000000001C0000-0x00000000001DF000-memory.dmp

          Filesize

          124KB

          Download

        • memory/2652-0-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/2652-1-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/2904-4565-0x00000000001C0000-0x00000000001DF000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-53-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-61-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-16-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-20-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-57-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-22-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-21-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-23-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-25-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-24-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-26-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-28-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-29-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-27-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-31-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-32-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-35-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-38-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-39-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-37-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-41-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-40-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-43-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-44-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-45-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-47-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-48-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-50-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-51-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-13-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-54-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-55-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-19-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-14-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-46-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-58-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-63-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-64-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-66-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-67-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-68-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-70-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-71-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-73-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-74-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-75-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-77-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-78-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-76-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-72-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-69-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-65-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-62-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-59-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-56-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-52-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-49-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-60-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-42-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-12-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-33-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-30-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-890-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-4563-0x0000000000500000-0x000000000051F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3380-11-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/3840-9-0x00000000001C0000-0x00000000001DF000-memory.dmp

          Filesize

          124KB

          Download

        • memory/4260-6-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/4260-7-0x00000000001E0000-0x00000000001FF000-memory.dmp

          Filesize

          124KB

          Download