Overview

overview

7

Static

static

3

2bf4c21348...60.exe

windows7-x64

7

2bf4c21348...60.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-12-2023 16:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2bf4c21348ce7b371d1f12dea9ef9460.exe

  • Size

    583KB

  • MD5

    2bf4c21348ce7b371d1f12dea9ef9460

  • SHA1

    ce361e2e54434e2bfb3c4162c67ca6687af5ef7f

  • SHA256

    c6ff81f2b369c6ccc684806cf3ea959bd99bcf14324d2e9f8885e27f5dc683a2

  • SHA512

    8d73cc19d2241b7a4f1d3cde5b0240b640ac7f0f1c0e897af55d11ff84b836e582669e7891d901bbddb282d6a13cb21d6f90aab750a371114dc48b981e185104

  • SSDEEP

    12288:Nc0VOi5w3nFKr9xvt1iGJ5ynomFW1c2obY7SPZxVq/P869t:Np8KwVKvvnnJ5Egocuqc6j

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2bf4c21348ce7b371d1f12dea9ef9460.exe
    "C:\Users\Admin\AppData\Local\Temp\2bf4c21348ce7b371d1f12dea9ef9460.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2100
    • C:\program files\common files\microsoft shared\msinfo\Server_Setup.exe
      "C:\program files\common files\microsoft shared\msinfo\Server_Setup.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2092
  • C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    1⤵
      PID:2916
    • C:\Windows\Hacker.com.cn.exe
      C:\Windows\Hacker.com.cn.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2624

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Program Files\Common Files\Microsoft Shared\MSInfo\Server_Setup.exe
      Filesize

      305KB

      MD5

      1518a96cff8763104aba6eb5212babad

      SHA1

      d0b9bf9b81881532d52a94e3c4f212de55251b7b

      SHA256

      92b839a4b43ac78c0ec269b993b418a2982f7d3308ee096e9eb19a87caa971cd

      SHA512

      fdc727f5e764bca56297926a7f982f490a8577364a66b991493cc30a3350ca97d36f31fae754a959cd61c27c6662cab7905beab889bb7ac2777b1d8e8193c030

      Download Submit

    • memory/2092-44-0x0000000000400000-0x0000000000684000-memory.dmp

      Filesize

      2.5MB

      Download

    • memory/2092-27-0x0000000000400000-0x0000000000684000-memory.dmp

      Filesize

      2.5MB

      Download

    • memory/2092-35-0x0000000000270000-0x0000000000271000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2092-33-0x0000000000400000-0x0000000000684000-memory.dmp

      Filesize

      2.5MB

      Download

    • memory/2092-34-0x0000000000400000-0x0000000000684000-memory.dmp

      Filesize

      2.5MB

      Download

    • memory/2092-32-0x0000000000D10000-0x0000000000F94000-memory.dmp

      Filesize

      2.5MB

      Download

    • memory/2092-31-0x0000000000D10000-0x0000000000F94000-memory.dmp

      Filesize

      2.5MB

      Download

    • memory/2092-30-0x0000000000D10000-0x0000000000F94000-memory.dmp

      Filesize

      2.5MB

      Download

    • memory/2100-21-0x0000000000400000-0x000000000049C000-memory.dmp

      Filesize

      624KB

      Download

    • memory/2100-11-0x0000000002A50000-0x0000000002A51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-2-0x00000000008A0000-0x00000000008A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-1-0x0000000000270000-0x00000000002C0000-memory.dmp

      Filesize

      320KB

      Download

    • memory/2100-17-0x00000000034A0000-0x00000000034B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2100-6-0x00000000008D0000-0x00000000008D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-0-0x0000000000400000-0x000000000049C000-memory.dmp

      Filesize

      624KB

      Download

    • memory/2100-7-0x00000000008E0000-0x00000000008E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-8-0x0000000001F00000-0x0000000001F01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-9-0x00000000008F0000-0x00000000008F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-10-0x00000000008B0000-0x00000000008B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-5-0x0000000000680000-0x0000000000681000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-12-0x0000000002A60000-0x0000000002A61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-13-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-24-0x0000000000270000-0x00000000002C0000-memory.dmp

      Filesize

      320KB

      Download

    • memory/2100-22-0x00000000034A0000-0x0000000003724000-memory.dmp

      Filesize

      2.5MB

      Download

    • memory/2100-15-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-14-0x0000000001EF0000-0x0000000001EF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2624-39-0x0000000000400000-0x0000000000684000-memory.dmp

      Filesize

      2.5MB

      Download

    • memory/2624-40-0x0000000000270000-0x0000000000271000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2624-43-0x0000000000270000-0x0000000000271000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2624-41-0x0000000000400000-0x0000000000684000-memory.dmp

      Filesize

      2.5MB

      Download

    • memory/2624-45-0x0000000000400000-0x0000000000684000-memory.dmp

      Filesize

      2.5MB

      Download

    • memory/2624-46-0x0000000000270000-0x0000000000271000-memory.dmp

      Filesize

      4KB

      Download