Overview

overview

8

Static

static

3

2826da09d1...e9.exe

windows7-x64

8

2826da09d1...e9.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    144s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 15:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2826da09d12953f75a1b13444a03dfe9.exe

  • Size

    4.5MB

  • MD5

    2826da09d12953f75a1b13444a03dfe9

  • SHA1

    1f183b86f9140fa54ae3bef9862aeea3e33cb289

  • SHA256

    523119cba40fc37d1999ba51850376130233091c6ed74a0832dbbced9799b154

  • SHA512

    6ede86948f99e6dc2c02b8831e90727ad9fc99c4d96a54e101282a55b22d5e9b53925f9e689cd6f957e77021fafbf1365d9cdcc850587c789b4a502b38261a02

  • SSDEEP

    98304:hjX2TR/+9g+1wLgJf6PD3Nmn7AJEgLYXMKUCCCNYzQEr0WO0Yk8411bFmL1OVYIl:c1+vJiPD3Nm7AJEgLYX8CNYzQEr0WO01

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2826da09d12953f75a1b13444a03dfe9.exe
    "C:\Users\Admin\AppData\Local\Temp\2826da09d12953f75a1b13444a03dfe9.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Users\Admin\AppData\Local\Temp\2826da09dRKJQ.exe
      -yue
      2⤵
      • Drops file in Drivers directory
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:3516
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ipconfig /flushdns
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:232
  • C:\Windows\SysWOW64\ipconfig.exe
    ipconfig /flushdns
    1⤵
    • Gathers network information
    PID:208

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2826da09dRKJQ.exe
    Filesize

    152KB

    MD5

    c9d27d5f4e33403af02afc0c21b6bb59

    SHA1

    8e0037406360ac8764edf513f7982d99a990e76a

    SHA256

    c4398e314844ac51f264857ac0465537a11061fd26718a1bb6de46565893c649

    SHA512

    bfdbdbfa7808c563a5ef2e69df33e7ef58b6daf0c0bd7bdd1dbfb9aced2f7ca057f32c31c839fac165593e36d14bd8d29863d77bf5b6b6dffa50df48293a6a97

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\2826da09dRKJQ.exe
    Filesize

    107KB

    MD5

    a9f52619afbe50b535feb980bf79a65a

    SHA1

    b46fbe156cdcc4ae2b455859920f0e0fb819556d

    SHA256

    3b4b406c9385321edb78f9d06f60b107d81ea31545a63b0e13592030e014342c

    SHA512

    4d6bd5cd7a2fe000906f19a8fbf979bf987a7b92e546e8eda3e588a0b2f1aa2631c34c05ea84e67ede5a65392cf3fea7df3999c597b683402e9ea05885297110

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\2826da09dRKJQ.exe
    Filesize

    105KB

    MD5

    2682f0cb9e3013e22a99b2215067ab82

    SHA1

    a1eb3e02b6d05f910e4e4e9699abca859d01ed50

    SHA256

    774d43d429f7491103e1a321e2f5fd1e1d9462a3cf1f27acddabae472a360cb1

    SHA512

    d09cb0948cf7e5f345870bb076347746ee9f4db173630a0f954fb3a2a5993d99cbb1d2f0bcaff64b21c2d9dd4471581715500b47198435ce3448732f406974f5

    Download Submit