Overview

overview

7

Static

static

3

3b3f9f0a37...4c.exe

windows7-x64

7

3b3f9f0a37...4c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 20:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3b3f9f0a37b008a261a2d6aeaf89de4c.exe

  • Size

    617KB

  • MD5

    3b3f9f0a37b008a261a2d6aeaf89de4c

  • SHA1

    5983b5500f3c969f60c89642c43bdb2dbd482fd3

  • SHA256

    22ae51059a846a1598833fbec1b4a4c8ac4e5992682db55d6b789a16879132ca

  • SHA512

    ed114aedd332bb3a327cc2d4d9d1cf1460394f8c2dfc225f0674b1fb5a40782a0ba77bca7c83746037dc19d29ecb3a5ddcf9560a82039af819e7fbf8b5fbe932

  • SSDEEP

    12288:JwMDD4/3Dy0ws7lpzRuGm2n7p8Oh2TowFN/mK0:Jtg/20bTpmc00Cm

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 7 IoCs
  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b3f9f0a37b008a261a2d6aeaf89de4c.exe
    "C:\Users\Admin\AppData\Local\Temp\3b3f9f0a37b008a261a2d6aeaf89de4c.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2200
    • C:\Users\Admin\AppData\Local\Temp\DM_Lyxpld03Nw\DownloadManager.exe
      DownloadManager.exe "C:\Users\Admin\AppData\Local\Temp\3b3f9f0a37b008a261a2d6aeaf89de4c.exe"
      2⤵
      • Executes dropped EXE
      • Drops desktop.ini file(s)
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:2760
      • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
        dw20.exe -x -s 1944
        3⤵
        • Checks processor information in registry
        • Enumerates system info in registry
        • Suspicious use of AdjustPrivilegeToken
        PID:1244

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\DM_Lyxpld03Nw\DownloadManager.exe
          Filesize

          1.0MB

          MD5

          919eb3462f256b07182e9b78b6947081

          SHA1

          f5cd62ae17a855435ed47760e1714c9322efa6a7

          SHA256

          6466b09366e092e20e8cbbe31dabf0c93ec1f4f6deafbf39e790af0f2a024550

          SHA512

          2ac88dd1ee40cf1cc702ff23312cc6382f1c3286fd70e29da656ca2e64ae633e2bce34a1109325139625955cb25a49b5ffb3b6889925f8201568b83871cab542

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\DM_Lyxpld03Nw\DownloadManager.exe
          Filesize

          697KB

          MD5

          580a37eadbb94a79f832f9ecc472cd28

          SHA1

          25dfe70084bd84aea46ff1f0b2e92d289fcf0611

          SHA256

          8d7a8e71a2e0140c5eace1dbc0a6f522378b782f3d9dc5eef40b4635d2759e47

          SHA512

          1baecaa4c0111cdd83d05d224034673ecd1dc71eeff41d8cfee457ef735493d02d758cce2aa85054b4ce65351821af49fc398ed057c17c8eba887da7b57ce5ab

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nse50C1.tmp\System.dll
          Filesize

          11KB

          MD5

          c17103ae9072a06da581dec998343fc1

          SHA1

          b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

          SHA256

          dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

          SHA512

          d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nse50C1.tmp\UserInfo.dll
          Filesize

          4KB

          MD5

          7579ade7ae1747a31960a228ce02e666

          SHA1

          8ec8571a296737e819dcf86353a43fcf8ec63351

          SHA256

          564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

          SHA512

          a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nse50C1.tmp\inetc.dll
          Filesize

          20KB

          MD5

          c498ae64b4971132bba676873978de1e

          SHA1

          92e4009cd776b6c8616d8bffade7668ef3cb3c27

          SHA256

          5552bdde7e4113393f683ef501e4cc84dccc071bdc51391ea7fa3e7c1d49e4e8

          SHA512

          8e5ca35493f749a39ceae6796d2658ba10f7d8d9ceca45bb4365b338fabd1dfa9b9f92e33f50c91b0273e66adfbce4b98b09c15fd2473f8b214ed797462333d7

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nse50C1.tmp\pwgen.dll
          Filesize

          16KB

          MD5

          a555472395178ac8c733d90928e05017

          SHA1

          f44b192d66473f01a6540aaec4b6c9ac4c611d35

          SHA256

          82ae08fced4a1f9a7df123634da5f4cb12af4593a006bef421a54739a2cbd44e

          SHA512

          e6d87b030c45c655d93b2e76d7437ad900df5da2475dd2e6e28b6c872040491e80f540b00b6091d16bc8410bd58a1e82c62ee1b17193ef8500a153d4474bb80a

          Download Submit

        • memory/2760-38-0x0000000001AD0000-0x0000000001AE0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2760-37-0x00007FFB94640000-0x00007FFB94FE1000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2760-39-0x00007FFB94640000-0x00007FFB94FE1000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2760-48-0x000000001C4F0000-0x000000001C508000-memory.dmp

          Filesize

          96KB

          Download

        • memory/2760-52-0x000000001D3C0000-0x000000001D45C000-memory.dmp

          Filesize

          624KB

          Download

        • memory/2760-51-0x000000001CE50000-0x000000001D31E000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/2760-53-0x0000000001AD0000-0x0000000001AE0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2760-54-0x0000000001AD0000-0x0000000001AE0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2760-61-0x00007FFB94640000-0x00007FFB94FE1000-memory.dmp

          Filesize

          9.6MB

          Download