Analysis

  • max time kernel
    125s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/12/2023, 04:20

General

  • Target

    27eb15d5b1c2cdf8541baf4cbe2ff33c.exe

  • Size

    15.0MB

  • MD5

    27eb15d5b1c2cdf8541baf4cbe2ff33c

  • SHA1

    c0fe3fce066e052a051b8582e3c345fbbbb945a6

  • SHA256

    e64a58606afaed0362fc46a19a70353329e8ec845820debdd3d496348b29c102

  • SHA512

    a8bd8662a68fe8c8558b3e579afef6ed6c66c840dcc875371f696fcaa60d4dfb7dc836d27c509641283e7b2820727d8a0bba99f767fd3713c293eacfb8cf6e36

  • SSDEEP

    393216:E1rzjstvwsGVCzJXHG4kyn6OknE24Z85dnQ1PWYyJvjJ3:SavwsGkN3GVy6zE24mpQh8J3

Score
8/10

Malware Config

Signatures

  • Modifies Windows Firewall 1 TTPs 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\27eb15d5b1c2cdf8541baf4cbe2ff33c.exe
    "C:\Users\Admin\AppData\Local\Temp\27eb15d5b1c2cdf8541baf4cbe2ff33c.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:620
    • C:\Windows\SysWOW64\netsh.exe
      netsh.exe advfirewall firewall delete rule name="all" remoteip=95.141.193.133
      2⤵
      • Modifies Windows Firewall
      PID:2692
    • C:\Windows\SysWOW64\route.exe
      route.exe delete 95.141.193.133
      2⤵
        PID:2404

    Network

          MITRE ATT&CK Enterprise v15

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\nsy517C.tmp\nsExec.dll

            Filesize

            7KB

            MD5

            f27689c513e7d12c7c974d5f8ef710d6

            SHA1

            e305f2a2898d765a64c82c449dfb528665b4a892

            SHA256

            1f18f4126124b0551f3dbcd0fec7f34026f930ca509f04435657cedc32ae8c47

            SHA512

            734e9f3989ee47a86bee16838df7a09353c7fe085a09d77e70d281b21c5477b0b061616e72e8ac8fcb3dda1df0d5152f54dcc4c5a77f90fbf0f857557bf02fbc

          • \Users\Admin\AppData\Local\Temp\nsy517C.tmp\LangDLL.dll

            Filesize

            5KB

            MD5

            109b201717ab5ef9b5628a9f3efef36f

            SHA1

            98db1f0cc5f110438a02015b722778af84d50ea7

            SHA256

            20e642707ef82852bcf153254cb94b629b93ee89a8e8a03f838eef6cbb493319

            SHA512

            174e241863294c12d0705c9d2de92f177eb8f3d91125b183d8d4899c89b9a202a4c7a81e0a541029a4e52513eee98029196a4c3b8663b479e69116347e5de5b4

          • \Users\Admin\AppData\Local\Temp\nsy517C.tmp\nsDialogs.dll

            Filesize

            9KB

            MD5

            ec9640b70e07141febbe2cd4cc42510f

            SHA1

            64a5e4b90e5fe62aa40e7ac9e16342ed066f0306

            SHA256

            c5ba017732597a82f695b084d1aa7fe3b356168cc66105b9392a9c5b06be5188

            SHA512

            47605b217313c7fe6ce3e9a65da156a2fba8d91e4ed23731d3c5e432dd048ff5c8f9ae8bb85a6a39e1eac4e1b6a22862aa72d3b1b1c8255858997cdd4db5d1fe