Overview

overview

10

Static

static

3

eb916eb723...a8.exe

windows7-x64

10

eb916eb723...a8.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    124s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    05/01/2024, 12:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    eb916eb723273fae9324b464bfb6f405d77a2b1b48a0a498de5676d54a0a38a8.exe

  • Size

    6.1MB

  • MD5

    28e45e74b6bc4bd354906bd23e9ad5c2

  • SHA1

    d3403d70b819e27316403bd97faf02319d443883

  • SHA256

    eb916eb723273fae9324b464bfb6f405d77a2b1b48a0a498de5676d54a0a38a8

  • SHA512

    9d266617ebb4b89a3e82bb9467343b5d372ab367f779f16d43fc661eb9ae25eb7889c51df93379490b8adc4351127cf68a282f51ad191a8a5cc846a05a12f51f

  • SSDEEP

    196608:ysL1P3Wp3pw18aZPMR2kT5onzcT234a7bsJ4dD:y0GpZwOaZPU2k2zcTyFdD

Score
10/10
socks5systemzbotnetdiscovery

Malware Config

Signatures

  • Detect Socks5Systemz Payload 3 IoCs
  • Socks5Systemz

    Socks5Systemz is a botnet written in C++.

    botnetsocks5systemz
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 6 IoCs
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 59 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\is-TSD7M.tmp\eb916eb723273fae9324b464bfb6f405d77a2b1b48a0a498de5676d54a0a38a8.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-TSD7M.tmp\eb916eb723273fae9324b464bfb6f405d77a2b1b48a0a498de5676d54a0a38a8.tmp" /SL5="$400F4,6152517,54272,C:\Users\Admin\AppData\Local\Temp\eb916eb723273fae9324b464bfb6f405d77a2b1b48a0a498de5676d54a0a38a8.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2288
    • C:\Windows\SysWOW64\net.exe
      "C:\Windows\system32\net.exe" helpmsg 27
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1068
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 helpmsg 27
        3⤵
          PID:1156
      • C:\Program Files (x86)\APointMAPS\apointmaps.exe
        "C:\Program Files (x86)\APointMAPS\apointmaps.exe" -i
        2⤵
        • Executes dropped EXE
        PID:2036
      • C:\Program Files (x86)\APointMAPS\apointmaps.exe
        "C:\Program Files (x86)\APointMAPS\apointmaps.exe" -s
        2⤵
        • Executes dropped EXE
        PID:1728
    • C:\Users\Admin\AppData\Local\Temp\eb916eb723273fae9324b464bfb6f405d77a2b1b48a0a498de5676d54a0a38a8.exe
      "C:\Users\Admin\AppData\Local\Temp\eb916eb723273fae9324b464bfb6f405d77a2b1b48a0a498de5676d54a0a38a8.exe"
      1⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:1672

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files (x86)\APointMAPS\apointmaps.exe
            Filesize

            1KB

            MD5

            f6a0c01e514435d36140d31d570ab2e4

            SHA1

            61435eb13c43eb1ab1660b5ce086be94a6bd9a19

            SHA256

            bad9c8cc0795ff9efd72ae1e648deb7b480e5dfec2c6e21c6027df5f145dc4ed

            SHA512

            8f3e245e55ca4bb37e88ca2fafc5d9cd991fe162155af5ad730954134449760ec3b6ef5ed6b0086840dc6cc15ead5f2e70a6c6a41bcb1c1e35d37002197ed6cb

            Download Submit

          • C:\Program Files (x86)\APointMAPS\apointmaps.exe
            Filesize

            68KB

            MD5

            72a20104ae425587990495808f3ffb93

            SHA1

            487126dd9f1be19e2296d8519837fe0a80056762

            SHA256

            e164ad26107e0d4062cdf156ad3a7b0df75d2fd46342d8f447ad18567ad7a756

            SHA512

            0fbf67702d0b3cf57d785a979d33d7c19f3b86d6331a95b1a2fa55a14b534e2b5dacedf94fcd1e06f271590e029b169e3df362bde3a707cebcd5116d37de04b6

            Download Submit

          • C:\Program Files (x86)\APointMAPS\apointmaps.exe
            Filesize

            94KB

            MD5

            fcd34092f0553daebef93b5c3c19eba5

            SHA1

            6c207987f300552ee9318215f65d93bbe6d05d88

            SHA256

            3c11138f330bc59be52492d2e059cec2189a5b67d3a27ee411b398396782f78f

            SHA512

            be43a1a368b762f08a4510daa8f9074b87c12ec28fbb744380153721fe644b9499db8a61ec462106e5e09c15297ed6d68b9b7e675e3adbd0363dba6d0b07573e

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\is-TSD7M.tmp\eb916eb723273fae9324b464bfb6f405d77a2b1b48a0a498de5676d54a0a38a8.tmp
            Filesize

            55KB

            MD5

            19c02c7618c777db134748e17f1b7895

            SHA1

            f925dcfe76594a4e93e7c9727dcac5eb75806eb4

            SHA256

            840f9d194c1f6b5daa20dafb88738aaf1eded7139c8cd2539d080b0a20b2c2aa

            SHA512

            63b77eb478b43c990c9ae6244119fe64ad5eec329d9921df9d33081a0c2a1b38d7c179c9fe281deb6994e529c18570b70be101429fe9176673464b03148c77ec

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\is-TSD7M.tmp\eb916eb723273fae9324b464bfb6f405d77a2b1b48a0a498de5676d54a0a38a8.tmp
            Filesize

            114KB

            MD5

            f5f417cfc3a67dbdf0ae103b672dbfa5

            SHA1

            e38240eac0baf6d87403289b858978d4ecdd3cf2

            SHA256

            5a8abe120f7e233c16e7b45f27914cfb93c18c790ca773d66ed324735f1bddf3

            SHA512

            a9fa92f37e371bb22a0f78ff923f01e049f616264559cb2d6efb11a26c8fea9235a3f92397a9c6d202d12c9820ab625b38b7885e99eb19a6b41e9f031d7706e2

            Download Submit

          • \Program Files (x86)\APointMAPS\apointmaps.exe
            Filesize

            92KB

            MD5

            45f5e3bc595255a62bed52ccf54836df

            SHA1

            0e5d3ba96a0252a797b69fe7ea27d9e3a7909140

            SHA256

            870d3251ad5088607c75f7f0582ab77b39a8e2d0853cc93587daff5eba94f789

            SHA512

            3ddb82a85b0b7225ce1e2dc6876a8f1acf82a8344fa998b31649a79fc7f3326d26420aecfe75795194a6e4a7119132d21c7126e2596d053493bef561acf9a26a

            Download Submit

          • \Users\Admin\AppData\Local\Temp\is-K3J58.tmp\_isetup\_iscrypt.dll
            Filesize

            2KB

            MD5

            a69559718ab506675e907fe49deb71e9

            SHA1

            bc8f404ffdb1960b50c12ff9413c893b56f2e36f

            SHA256

            2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

            SHA512

            e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

            Download Submit

          • \Users\Admin\AppData\Local\Temp\is-K3J58.tmp\_isetup\_isdecmp.dll
            Filesize

            19KB

            MD5

            3adaa386b671c2df3bae5b39dc093008

            SHA1

            067cf95fbdb922d81db58432c46930f86d23dded

            SHA256

            71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

            SHA512

            bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

            Download Submit

          • \Users\Admin\AppData\Local\Temp\is-K3J58.tmp\_isetup\_shfoldr.dll
            Filesize

            22KB

            MD5

            92dc6ef532fbb4a5c3201469a5b5eb63

            SHA1

            3e89ff837147c16b4e41c30d6c796374e0b8e62c

            SHA256

            9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

            SHA512

            9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

            Download Submit

          • \Users\Admin\AppData\Local\Temp\is-TSD7M.tmp\eb916eb723273fae9324b464bfb6f405d77a2b1b48a0a498de5676d54a0a38a8.tmp
            Filesize

            81KB

            MD5

            1ce937bd1a30b923aac65652e34fa7ef

            SHA1

            1fd5a0450e1d0cd48b9d418555939d9c565f826e

            SHA256

            9a06cf93018a805f3750971df848b48957ff97ac1bbb3cee106129643f3be0d1

            SHA512

            a98bd366d8d6f5885a0ea0d6f4a3a4eabab3d4efc4a2524a98784a822f69ed3b8fce142a99e93fe86951fb1cb8d55e96145db58758ebb9ca2bd2ebc39b5e08d5

            Download Submit

          • memory/1672-154-0x0000000000400000-0x0000000000414000-memory.dmp

            Filesize

            80KB

            Download

          • memory/1672-2-0x0000000000400000-0x0000000000414000-memory.dmp

            Filesize

            80KB

            Download

          • memory/1672-0-0x0000000000400000-0x0000000000414000-memory.dmp

            Filesize

            80KB

            Download

          • memory/1728-191-0x0000000000400000-0x0000000000593000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/1728-156-0x0000000000400000-0x0000000000593000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/1728-194-0x0000000000400000-0x0000000000593000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/1728-174-0x00000000025C0000-0x0000000002662000-memory.dmp

            Filesize

            648KB

            Download

          • memory/1728-197-0x0000000000400000-0x0000000000593000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/1728-188-0x0000000000400000-0x0000000000593000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/1728-153-0x0000000000400000-0x0000000000593000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/1728-185-0x00000000025C0000-0x0000000002662000-memory.dmp

            Filesize

            648KB

            Download

          • memory/1728-201-0x0000000000400000-0x0000000000593000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/1728-151-0x0000000000400000-0x0000000000593000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/1728-184-0x0000000000400000-0x0000000000593000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/1728-181-0x0000000000400000-0x0000000000593000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/1728-162-0x0000000000400000-0x0000000000593000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/1728-161-0x0000000000400000-0x0000000000593000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/1728-165-0x0000000000400000-0x0000000000593000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/1728-168-0x0000000000400000-0x0000000000593000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/1728-171-0x0000000000400000-0x0000000000593000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/1728-178-0x00000000025C0000-0x0000000002662000-memory.dmp

            Filesize

            648KB

            Download

          • memory/1728-177-0x0000000000400000-0x0000000000593000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2036-144-0x0000000000400000-0x0000000000593000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2036-145-0x0000000000400000-0x0000000000593000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2036-149-0x0000000000400000-0x0000000000593000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2036-148-0x0000000000400000-0x0000000000593000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2288-157-0x0000000000240000-0x0000000000241000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2288-158-0x0000000003740000-0x00000000038D3000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2288-155-0x0000000000400000-0x00000000004BC000-memory.dmp

            Filesize

            752KB

            Download

          • memory/2288-143-0x0000000003740000-0x00000000038D3000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2288-8-0x0000000000240000-0x0000000000241000-memory.dmp

            Filesize

            4KB

            Download