Overview

overview

10

Static

static

3

0bc37bcf9b...f7.exe

windows7-x64

10

0bc37bcf9b...f7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2023 02:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0bc37bcf9bd9e8dad70d643001b8a0f7.exe

  • Size

    284KB

  • MD5

    0bc37bcf9bd9e8dad70d643001b8a0f7

  • SHA1

    6baee545803f94476bdc423c588fc91f5b2feb48

  • SHA256

    b5e66a86333bf351aae5f530b4a0dd216aa4de253cc54703e843c30ce124a754

  • SHA512

    76abc66f47db8dc62af757b6858d4fd0f39d9e5d067015eccb8a34c319fb4668291cd04f6de29f0471ac8db122517bb2b362157a850ff6f3d93fef708d659a39

  • SSDEEP

    6144:f6EBO4rEx6Akrkx7LASoXeYW1Ifq7o3JUO/rSd/8ox5vBSk:f6EoN6Atx7IKIMo3mO/rSd55Z

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Unexpected DNS network traffic destination 2 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0bc37bcf9bd9e8dad70d643001b8a0f7.exe
    "C:\Users\Admin\AppData\Local\Temp\0bc37bcf9bd9e8dad70d643001b8a0f7.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4608
    • C:\Users\Admin\AppData\Local\f69f0eb0\X
      *0*cb*ea98319d*31.193.3.240:53
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3480
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious use of UnmapMainImage
    PID:3428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\f69f0eb0\X
    Filesize

    31KB

    MD5

    046bf0cdf1f842a06759f7c8a84e96db

    SHA1

    b468f01ae3eb4c03505136d02bb603ec8cc4fda8

    SHA256

    f8138b597e2b3ce15d15b7d80244cfe4e6b587abc8bd02f7879cc9ddc7d422ac

    SHA512

    a06765af234be36fc26e588aac8faf4496ad07ed29bb3e0a537ee8b95c80183d6cad3c2b44fc4e3cdea23cf3929db01570eac9334bad700662b17238265f5f43

    Download Submit

  • C:\Users\Admin\AppData\Local\f69f0eb0\X
    Filesize

    38KB

    MD5

    72de2dadaf875e2fd7614e100419033c

    SHA1

    5f17c5330e91a42daa9ff24c4aa602bd1a72bf6e

    SHA256

    c44993768a4dc5a58ddbfc9cb05ce2a7d3a0a56be45643d70a72bcf811b6c381

    SHA512

    e2520a53326a7d3b056e65d0cf60e9d823ffb34ca026cdddc7ea3a714f8396c53c37e13a887fc86a7dd7076c97fdfad53c3f5a68342ebc1bdec948c76bda8df3

    Download Submit

  • memory/3428-9-0x0000000000A40000-0x0000000000A48000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4608-2-0x00000000008E0000-0x00000000009E0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/4608-1-0x0000000030670000-0x00000000306C2000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4608-8-0x0000000030670000-0x00000000306C2000-memory.dmp

    Filesize

    328KB

    Download