Overview

overview

8

Static

static

3

249fb8d820...76.exe

windows7-x64

8

249fb8d820...76.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2023 02:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    249fb8d820272d5672a372465cfb5776.exe

  • Size

    433KB

  • MD5

    249fb8d820272d5672a372465cfb5776

  • SHA1

    165b03a0140a4a1feec63503a1ffd1009d2a42d0

  • SHA256

    8452cd6350917ecbecc7828089a30087fd47b25d4995b78699b14e3bb7ee7ade

  • SHA512

    e5288edb45d1956fd9cd4472c8e4974d26f0135d0610b165a15990556b6e23582fa9beb0df56c505b5fe12136ea69d526d3b4546a94437bd1fefcf3e3a0437b9

  • SSDEEP

    6144:Ojbeiv2zazH8+9kBKbjwuyAFlhntFqAiizBB9QCO6G9o4q85dE6CqX4NKKmImIVC:Ou81L5vqUlhntFqArAKTOOCXSTmJYch

Score
8/10
persistence

Malware Config

Signatures

  • Sets DLL path for service in the registry 2 TTPs 3 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\249fb8d820272d5672a372465cfb5776.exe
    "C:\Users\Admin\AppData\Local\Temp\249fb8d820272d5672a372465cfb5776.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2468
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¹¤¾ß
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¹¤¾ß
      2⤵
      • Sets DLL path for service in the registry
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      PID:2452
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k ilbsgu
    1⤵
    • Loads dropped DLL
    PID:1484

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¹¤¾ß
    Filesize

    377KB

    MD5

    3168a07f1c4a60e17d8e0106501cbc8f

    SHA1

    04ffcb0e1846d94fd8f58935d853de39c89d6cc5

    SHA256

    329b6177b09fd1ad546258f4ea2eb300fb1ab1dc59eb2e670f1e9c96bdd245b0

    SHA512

    baadf8226f8d4b836a0545c78176806499093532d10c3c4f956820458d31c9ca708a41d8a26f0ed1adfb149fa280433b1107193c26042fdb5923b0ac7749cfe8

    Download Submit

  • C:\Windows\SysWOW64\xvlorn.dll
    Filesize

    32KB

    MD5

    07cec5343fc46f52630567fadf9e359a

    SHA1

    88969fad8b656727cd1e328a59828d75b6da4936

    SHA256

    41549f6d704f3ed0415c4664be925da7880df0ee1b446baf75152fe692725f66

    SHA512

    8758ffda0d4cf870d9cb2ba348ff6a073df42e27c2f48b3feec96fdb44c8ffb8e00b59f197295cc4bc206f9374823695d4feccefb391b5d70d7c5aace5925601

    Download Submit

  • memory/2452-57-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-11-0x0000000002240000-0x0000000002241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2452-32-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-38-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-42-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-47-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-48-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-46-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-52-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-56-0x0000000001FE0000-0x0000000002034000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2452-5-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2452-55-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-54-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-53-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2452-49-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-44-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-43-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-41-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-40-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-39-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-37-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-35-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-6-0x0000000001FE0000-0x0000000002034000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2452-26-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-27-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-30-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-28-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-31-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-25-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-24-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-23-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-21-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-20-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-19-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-18-0x0000000003320000-0x0000000003321000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2452-17-0x00000000032D0000-0x00000000032D2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2452-16-0x00000000022C0000-0x00000000022C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2452-15-0x00000000032E0000-0x00000000032E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2452-14-0x0000000002290000-0x0000000002291000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2452-13-0x00000000022A0000-0x00000000022A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2452-12-0x0000000000720000-0x0000000000721000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2452-33-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-10-0x00000000022B0000-0x00000000022B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2452-9-0x0000000002260000-0x0000000002261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2452-7-0x0000000002280000-0x0000000002281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2452-22-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2452-58-0x0000000003330000-0x0000000003430000-memory.dmp

    Filesize

    1024KB

    Download