Overview

overview

10

Static

static

3

5b5c2e9fac...12.exe

windows7-x64

10

5b5c2e9fac...12.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    164s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 07:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5b5c2e9facc4d0ef9f54663462eb3912.exe

  • Size

    196KB

  • MD5

    5b5c2e9facc4d0ef9f54663462eb3912

  • SHA1

    afdbe6449f33cb240aeca029c174d20b27d1c37d

  • SHA256

    06c36c44e0a1412eb5cca0a6c8c016454f4e972d60c65cf00337332fc3e31ca4

  • SHA512

    ee8feda0380b26977adc44d0be184b7594616d2d95477f0c4c00a4888ed0d67a6f5f8b2c04159ba06f92d0e332234e9d843d4a3a0cdb745c61ed59365c4ae8a8

  • SSDEEP

    1536:ZXBmHj/428VMTwvY3vT3ZpTha581w8WOmoL8h:ZXgE28mTwvY73Zhha5I6oL8h

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    ftp.alizametal.com.tr
  • Port:
    21
  • Username:
    alizametal.com.tr
  • Password:
    hd611

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b5c2e9facc4d0ef9f54663462eb3912.exe
    "C:\Users\Admin\AppData\Local\Temp\5b5c2e9facc4d0ef9f54663462eb3912.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2524
    • C:\Program Files (x86)\e853c5cd\jusched.exe
      "C:\Program Files (x86)\e853c5cd\jusched.exe"
      2⤵
      • Executes dropped EXE
      PID:2692

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\e853c5cd\e853c5cd
          Filesize

          17B

          MD5

          ff323a10557ed49cf5c59a277579ae45

          SHA1

          de64360ad4e3ea906b3b1e733975e75faa5a584e

          SHA256

          d8ba4de3c9ce2f2ee152b3905563f84af1d21df3e66065f3d549f25619bde779

          SHA512

          13747cad49a2aebb312975df6c8d6168994370ca680ce0996bfcf6f4bf5832e9468cfe6c35917bf069d0283add81b59b565d4dfa59dc3b25a9a7ace093912a39

          Download Submit

        • C:\Program Files (x86)\e853c5cd\info_a
          Filesize

          12B

          MD5

          b55973d75e668bac587f90306c8ff28e

          SHA1

          650f1127f2f064265802e0296d0d38af0df3d61c

          SHA256

          97ea3bf375d2ecef933de279b38ba9c805e6f496cf0c0c1da91f7cd6b35a1373

          SHA512

          ffceb8ecfaa34ae6f5f21d45b7a4eb6fc64b388145654d9f248b4bb6946c5fed00a528c413dc3172a236dbffea4db9bbbcb659ce32278f847b24cbc1e4471a19

          Download Submit

        • \Program Files (x86)\e853c5cd\jusched.exe
          Filesize

          196KB

          MD5

          7dfdedeea7200e691cd1599d28243c19

          SHA1

          00bf45bcda8e86c2f8068d70a07ce839e311bdc0

          SHA256

          09fafdbc4c1f0abda99d565d358309e3db092244755b8f53baca890b170ba334

          SHA512

          3bff028ba03c5fc609670987a18280758dd45a0751fb517134926f9ab0044647802d22220d0ac7dc48ab51021167786a14aaf3fb210d79f876549af879b1b04f

          Download Submit