Analysis

  • max time kernel
    163s
  • max time network
    175s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-01-2024 06:07

General

  • Target

    55b057826c77fb6c5047483f06fbf880.exe

  • Size

    140KB

  • MD5

    55b057826c77fb6c5047483f06fbf880

  • SHA1

    0b13e6ce4daf9ce79bd6bc3791bd911dfa8b8d94

  • SHA256

    818e842d42e2307de9058ece6260313eea686665a4663d607d952503facb1ecf

  • SHA512

    99a3f94dda9724b4bf22016e1d2adc5b5dcc269aead522f15aeea18a5d5e2ff728098bf0da9dae3ae8783e34991358310ea34cd4bc4feaf0b37e8160bc974d29

  • SSDEEP

    768:zevsmyt4pd04q0zik+vhy7g0EM/LinbQu595i:6veEn3+pCg0EUGQuL5

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 51 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\55b057826c77fb6c5047483f06fbf880.exe
    "C:\Users\Admin\AppData\Local\Temp\55b057826c77fb6c5047483f06fbf880.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4900
    • C:\Users\Admin\doojuov.exe
      "C:\Users\Admin\doojuov.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3912

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\doojuov.exe

    Filesize

    140KB

    MD5

    eb9fd318723060e57805e3db4e0cf325

    SHA1

    b7d6eae3ceb30ae3ed2874257b6c2efad09c8545

    SHA256

    b96b7d190112565e8c03f050278986287f34aa01987bd5bcc7d6643fb12a3625

    SHA512

    d260b77abb58c380658bc9d5ca4af90197e978ea71e298a3e76b6cdc7b508ea43eb4ed283cff2076bcdadff103490cf3c3884103ee8f49294930b40bd87682f8