Overview

overview

6

Static

static

3

36f09e8cff...79.exe

windows7-x64

6

36f09e8cff...79.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    136s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-12-2023 19:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    36f09e8cffc4980914d3f3a6bef7c979.exe

  • Size

    700KB

  • MD5

    36f09e8cffc4980914d3f3a6bef7c979

  • SHA1

    9f901bf130ca37defef0aed8593956456211ad61

  • SHA256

    584bf26b45e4fbea7b31fed6bff1e5eaeb44359a4d00100c94c0e67e902d2464

  • SHA512

    dacd5971dea07c1fb4d068a9841f82b4e390d331058f18686562305d746d81bf0e6ad74a42834834661b195af34669717e60e5dc9684b1af1b15d9ab71e32586

  • SSDEEP

    6144:G6Qf6DAvXXWoJMA5dk2oo9lwAUVS1YP8sA4JbTyoNz16IZ8hmLae2u15Sq6bFrBp:GLf6OmiMA5dXLOTRXJioxxZGc2uHSIjE

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Kills process with taskkill 1 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\36f09e8cffc4980914d3f3a6bef7c979.exe
    "C:\Users\Admin\AppData\Local\Temp\36f09e8cffc4980914d3f3a6bef7c979.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2820
    • C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im 360tray.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:668

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\Favorites\Íâ¹Ò×÷·»¹Ù·½Õ¾ [www.zuowg.com].url
    Filesize

    110B

    MD5

    f9fc3e4f710ea6068eccca29ed784970

    SHA1

    eb6f961e7102e3aef227b204ff4dd9563f745812

    SHA256

    1c12badabe490d7c3d63bb0187965344ce0ed923eab707e446900a9b98913fcb

    SHA512

    b2d0db7a2c4b4d4e53a8daf2caff6a0ea826133038380e5dcf8c6493417f2884ecd61f047798189a3cff13cca3b9dbe99e5a501ce5de10488b2a337389b019ed

    Download Submit

  • C:\Users\Admin\Favorites\Íâ¹Ò×÷·»×ÊÔ´Õ¾ [42724920.ys168.com].url
    Filesize

    115B

    MD5

    514d1b59ae8925c5edea3c446ce588dd

    SHA1

    60dd675b65c7ffaac6ca731dba265a6f316a6f75

    SHA256

    6bbfe9e113e075b646ae49400657b8bb20cbab06854b38bf007ac6e15cd7b773

    SHA512

    5bf3d0f1715b445852ad184907d2161967d51cb8fe9673330438d8705502bc63e263222c43839140c613a427b0b58b297e522b3953c2543453625e01b8017253

    Download Submit