Overview

overview

10

Static

static

3

472dee804e...80.exe

windows7-x64

10

472dee804e...80.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26-12-2023 00:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    472dee804e1f00a9ebd90211eaa5d980.exe

  • Size

    148KB

  • MD5

    472dee804e1f00a9ebd90211eaa5d980

  • SHA1

    8706a30dd2b314ff0c762acb30cb51e1a30c4e2e

  • SHA256

    c307d11a46fc145b906ff57c1fdad9b033a4b21ca969fad428f1a7ea1dd12768

  • SHA512

    a89724c738bbf0baafba82e20c89f689ca5247fed307f68aaafd3bd88a270c2d0e3200b65d28a1a5d6597e26734be8d2e4bdc19a45b41cbcc9dec1a54f70a0d0

  • SSDEEP

    1536:ho9LtOf4BlqPAKfxnX+PBcRlouQvSPouXZ6D6Jj5wl+dwCMZUbP732YhxYAZxZC7:uzKalqPpR+Pco6ouZ68Kl+dnMZUba7

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\472dee804e1f00a9ebd90211eaa5d980.exe
    "C:\Users\Admin\AppData\Local\Temp\472dee804e1f00a9ebd90211eaa5d980.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Users\Admin\yuimoq.exe
      "C:\Users\Admin\yuimoq.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2160

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\yuimoq.exe
    Filesize

    141KB

    MD5

    af5ea2f8adc57c07cc892bb01eeb94b1

    SHA1

    b51488c35f5ddd44c1ce495d8521b952cfa52ec8

    SHA256

    f763152b811d1be8fb21307ff155b1d66efa69f5c55b7bf76da3688ba6f81370

    SHA512

    46629ec23649b22d39033afbf883e0c23c98902c59f94edba51efc64e7c554e391007326207cec3562af19179cb6e999acc0f6f76994861795f842f0d698a4bf

    Download Submit

  • C:\Users\Admin\yuimoq.exe
    Filesize

    96KB

    MD5

    c4cbb80b7df0a070ffd3c4251e24520e

    SHA1

    4d419e389e1fdb8086d8c56d801098c2b2b25a97

    SHA256

    d0ffd14b2ccee207289188551f43372b0321e7fc7a22b75f21dbac0945801580

    SHA512

    de823c3651b679ce7481605403e3efeb70707622361e2733066a329cd7cedb115ff723e2be486fe11f28e7f5dddf490c5ab007b39d70887805d7dff34bb6a926

    Download Submit

  • C:\Users\Admin\yuimoq.exe
    Filesize

    148KB

    MD5

    e57dbc22b41e9af6eb5f37aaaadaebc0

    SHA1

    16c49248369f98625d39398db0591cef2fb42116

    SHA256

    fcb4a7e07abbdf32ff0da8c6f223844d9fa0aaf1d3181d38d87b766f90a35e39

    SHA512

    b736f3327b449df1c55eec927b46584695ee138621dfa344ec2f591f18020448e7ec49aae364145aa3027d090cc84e26f82d8f7138c47796b8591fc0702a5bcc

    Download Submit

  • \Users\Admin\yuimoq.exe
    Filesize

    104KB

    MD5

    d079e89fee4c919680ce0bb2562d1948

    SHA1

    0bd1e525b4c190b32790c017bdfc75786111538a

    SHA256

    2adc7e2a64a8e2633c543bdfa40418b59e88d188addd7b5fc725fa892a861ec1

    SHA512

    8b1dec63222324657a42f70cdbde7c0ccf510cfa934302d450e0def52e9df8ba02402c13778a3f0ef19b87b9b3574bc936a48b1e7628aae628960d9321c396e2

    Download Submit

  • \Users\Admin\yuimoq.exe
    Filesize

    74KB

    MD5

    0eb69c677f36b30e56712b968001d43f

    SHA1

    fb85002b7af8e562f24624cf086a8150edd7eb33

    SHA256

    b4ee130d65f16f3caf8b7d2ea2863c4b24f34444e1685607c3225391e4e7ce56

    SHA512

    e708831ea5222583b17bcbeb6f56cb7e3239f19f223b25d9cb0700641910fca389b05bd97ff018543bd80dd1a6caf421e4627e3c2309f0bbaadf5ab12d1dccf8

    Download Submit