Overview

overview

10

Static

static

3

dad4c7318b...c5.exe

windows7-x64

9

dad4c7318b...c5.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    28-12-2023 11:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dad4c7318b46644d7aa14a336281b2c5.exe

  • Size

    3.4MB

  • MD5

    dad4c7318b46644d7aa14a336281b2c5

  • SHA1

    c0d76328d93a27eeb8b6b321703a889a095f8e18

  • SHA256

    4714811e90e7eb3fa08b27a95639c3bd8a836669749b28f9c0f24361e7ebe6ee

  • SHA512

    f178c5726b45220d8f5cc4ba324dba34733595e849061a3301eaa997acea6e179c4dee77ebb548e9ebae6c366aec09ecdf144729172c8b557a7ef3932fced833

  • SSDEEP

    49152:G8HIQk6JZi5RQxF+XWIzXy8H+OUrm9JQHSPopLWPcZgtI1WARZNaDRlGovw8:GfQDURkIzdZJQ+oRWEZwEWARYGf

Score
9/10

Malware Config

Signatures

  • CustAttr .NET packer 1 IoCs

    Detects CustAttr .NET packer in memory.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dad4c7318b46644d7aa14a336281b2c5.exe
    "C:\Users\Admin\AppData\Local\Temp\dad4c7318b46644d7aa14a336281b2c5.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2216
    • C:\Users\Admin\AppData\Local\Temp\dad4c7318b46644d7aa14a336281b2c5.exe
      "C:\Users\Admin\AppData\Local\Temp\dad4c7318b46644d7aa14a336281b2c5.exe"
      2⤵
        PID:2612
      • C:\Users\Admin\AppData\Local\Temp\dad4c7318b46644d7aa14a336281b2c5.exe
        "C:\Users\Admin\AppData\Local\Temp\dad4c7318b46644d7aa14a336281b2c5.exe"
        2⤵
          PID:2576
        • C:\Users\Admin\AppData\Local\Temp\dad4c7318b46644d7aa14a336281b2c5.exe
          "C:\Users\Admin\AppData\Local\Temp\dad4c7318b46644d7aa14a336281b2c5.exe"
          2⤵
            PID:2672
          • C:\Users\Admin\AppData\Local\Temp\dad4c7318b46644d7aa14a336281b2c5.exe
            "C:\Users\Admin\AppData\Local\Temp\dad4c7318b46644d7aa14a336281b2c5.exe"
            2⤵
              PID:2460
            • C:\Users\Admin\AppData\Local\Temp\dad4c7318b46644d7aa14a336281b2c5.exe
              "C:\Users\Admin\AppData\Local\Temp\dad4c7318b46644d7aa14a336281b2c5.exe"
              2⤵
                PID:2776
              • C:\Windows\SysWOW64\schtasks.exe
                "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WnlKRotuGIbp" /XML "C:\Users\Admin\AppData\Local\Temp\tmpA592.tmp"
                2⤵
                • Creates scheduled task(s)
                PID:2824

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\tmpA592.tmp
              Filesize

              1KB

              MD5

              109031bf959ef5f84ad47c9f12225f46

              SHA1

              9fe4bc5df233136dc11496b6fde30a060f337efd

              SHA256

              65be55ec142108bf261de3fb19b911813ea5d1b48eae34a8115ec51f372133ef

              SHA512

              a8f885438abea4b11e66fbadfed02ed74b7fceb59522a6ed9f2e748c43e35b25ea91d5e901cece4db29fab741800404fe5fcf1b3f2070f1a73f78fabbc732562

              Download Submit

            • memory/2216-0-0x0000000000220000-0x000000000058E000-memory.dmp

              Filesize

              3.4MB

              Download

            • memory/2216-1-0x0000000074E10000-0x00000000754FE000-memory.dmp

              Filesize

              6.9MB

              Download

            • memory/2216-2-0x0000000004470000-0x00000000044B0000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2216-3-0x0000000000740000-0x0000000000752000-memory.dmp

              Filesize

              72KB

              Download

            • memory/2216-4-0x0000000074E10000-0x00000000754FE000-memory.dmp

              Filesize

              6.9MB

              Download

            • memory/2216-5-0x0000000004470000-0x00000000044B0000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2216-6-0x0000000009790000-0x0000000009AA6000-memory.dmp

              Filesize

              3.1MB

              Download

            • memory/2216-7-0x000000000CAB0000-0x000000000CE78000-memory.dmp

              Filesize

              3.8MB

              Download

            • memory/2216-13-0x0000000074E10000-0x00000000754FE000-memory.dmp

              Filesize

              6.9MB

              Download