Overview

overview

7

Static

static

3

0ff88d143f...cf.exe

windows7-x64

7

0ff88d143f...cf.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 07:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0ff88d143fbe4879f22bdc7dc36debcf.exe

  • Size

    295KB

  • MD5

    0ff88d143fbe4879f22bdc7dc36debcf

  • SHA1

    e78edc95430465547344545534b4d9d0b5ad9354

  • SHA256

    629b808dfc2bb0f2c4407d3d4f39818b1aec507de9ba4ee210e90fbe21b78af1

  • SHA512

    6103b1184d106798c6b5b66ab49f5a2ab937cc59f96f8fb3ec15dfe9e0d8a2e9a69130c189b1853a3ed89333d2b5bb54ac9ca8ace2071845e70dd9a0f5afe341

  • SSDEEP

    6144:MHogBfdMhCuPV29ww5uZbFxaSsBk3+ufkVsXXkSZngH:FQuewGgbjPsBBuf05KgH

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ff88d143fbe4879f22bdc7dc36debcf.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff88d143fbe4879f22bdc7dc36debcf.exe"
    1⤵
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2108
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k sougou
    1⤵
    • Deletes itself
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:1768

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Punp\Nyypvprwf.dll
          Filesize

          11.5MB

          MD5

          c14b4df02b1376d3ec72a315de6e2b75

          SHA1

          d01a7ed7872ca9a88331853b65b269bbf167d5f6

          SHA256

          71572ac80fa5d288423c510d034cba0389c53d598182061233b47bd06969d56f

          SHA512

          e56c66e8a537cb0638fe69c50f5e45905c631ada27fac97f3f043cc4c9329afcebb21623ef1ed8a75f3210d4514a1a863a6004eebb53631015e5fdc185e6ba15

          Download Submit

        • C:\windows\xinstall2456700.dll
          Filesize

          210KB

          MD5

          dc88ffd29510f794f0bbfb0197257133

          SHA1

          46986d7f632d167f0fdb5b43bd8c993f36223b37

          SHA256

          c9454967b340cc8ef5b3d229eac67624a2d6129e6ba5f12f254ddfafd2be0278

          SHA512

          4520a6d73b5fecc8e9ed503d6525296202a2cd660e73dea452791f8a5b1a9ebd6933788e2f1b82fe21dffe4343271d50b08f5af94d586b6888df83ee9b8d394d

          Download Submit

        • \??\c:\Win_lj.ini
          Filesize

          101B

          MD5

          7661f3d4e94a052f829a4bc399f6b3a6

          SHA1

          6122c297c99797766130ee6e7bc5d3587d82b335

          SHA256

          24d497596509b5522c95b4389c30ffe48a04bf9bc53cb627c726c6f53bf69e9c

          SHA512

          5bb7ee33f13e522f02f1f8eb6fcef28f7590643dcb7e4e7a25807dcd501a54e0bddb4d6428b7ed9ac0d3fa3d236422a91961e3e42fd129b0da7cdbc45a11185d

          Download Submit

        • memory/1768-13-0x0000000010000000-0x0000000010037000-memory.dmp

          Filesize

          220KB

          Download

        • memory/2108-4-0x0000000010000000-0x0000000010037000-memory.dmp

          Filesize

          220KB

          Download

        • memory/2108-11-0x0000000010000000-0x0000000010037000-memory.dmp

          Filesize

          220KB

          Download