10075F9A8B9A...C5.exe
windows7-x64
1075F9A8B9A...C5.exe
windows10-2004-x64
1145F7ABE9A...EA.exe
windows7-x64
10145F7ABE9A...EA.exe
windows10-2004-x64
101A99AC759F...31.exe
windows7-x64
31A99AC759F...31.exe
windows10-2004-x64
31BE33E4291...2D.exe
windows7-x64
101BE33E4291...2D.exe
windows10-2004-x64
102188BAE387...0C.dll
windows7-x64
32188BAE387...0C.dll
windows10-2004-x64
322F524ABC9...92.exe
windows7-x64
1022F524ABC9...92.exe
windows10-2004-x64
1033381793BD...5E.exe
windows7-x64
133381793BD...5E.exe
windows10-2004-x64
161C0810A23...A1.exe
windows7-x64
161C0810A23...A1.exe
windows10-2004-x64
1676A2A0D88...CB.exe
windows7-x64
7676A2A0D88...CB.exe
windows10-2004-x64
773D29DEAC4...09.exe
windows7-x64
173D29DEAC4...09.exe
windows10-2004-x64
181EFD50EB3...29.exe
windows7-x64
781EFD50EB3...29.exe
windows10-2004-x64
78E83C0F656...07.exe
windows7-x64
108E83C0F656...07.exe
windows10-2004-x64
1099CA9F3245...E2.exe
windows7-x64
599CA9F3245...E2.exe
windows10-2004-x64
5B1E12D0216...06.exe
windows7-x64
10B1E12D0216...06.exe
windows10-2004-x64
10C6185A23C5...C8.exe
windows7-x64
10C6185A23C5...C8.exe
windows10-2004-x64
10CDCFEDDB0A...3E.exe
windows7-x64
10CDCFEDDB0A...3E.exe
windows10-2004-x64
10Analysis
-
max time kernel
147s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
12-01-2024 14:20
Behavioral task
behavioral1
Sample
075F9A8B9A5A3F3C221CFA69BA8B3590CFB873946970B7F3DBD333A580D24AC5.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
075F9A8B9A5A3F3C221CFA69BA8B3590CFB873946970B7F3DBD333A580D24AC5.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
145F7ABE9ABFFD0422F1C1F4CF429E89FD9D3BE93E6C3A0DD852DB708992C4EA.exe
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
145F7ABE9ABFFD0422F1C1F4CF429E89FD9D3BE93E6C3A0DD852DB708992C4EA.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
1A99AC759FCD881729B76C2904476B4201E794DF2D0547C954EA37BE7C153131.exe
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
1A99AC759FCD881729B76C2904476B4201E794DF2D0547C954EA37BE7C153131.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral7
Sample
1BE33E42910515D58685E4CEE83C4C9B7DE4E6A155A6FD936922682A9922D42D.exe
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
1BE33E42910515D58685E4CEE83C4C9B7DE4E6A155A6FD936922682A9922D42D.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral9
Sample
2188BAE387FD2665D807D0B67B916973478CBE417D2042A146C8EADF77AF600C.dll
Resource
win7-20231129-en
Behavioral task
behavioral10
Sample
2188BAE387FD2665D807D0B67B916973478CBE417D2042A146C8EADF77AF600C.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral11
Sample
22F524ABC98F958705FEBD3761BEDC85EC1AE859316A653B67C0C01327533092.exe
Resource
win7-20231215-en
Behavioral task
behavioral12
Sample
22F524ABC98F958705FEBD3761BEDC85EC1AE859316A653B67C0C01327533092.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral13
Sample
33381793BD156716647F2C2E14047AA5559E940FF584D3FF6110B96EB701115E.exe
Resource
win7-20231215-en
Behavioral task
behavioral14
Sample
33381793BD156716647F2C2E14047AA5559E940FF584D3FF6110B96EB701115E.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral15
Sample
61C0810A23580CF492A6BA4F7654566108331E7A4134C968C2D6A05261B2D8A1.exe
Resource
win7-20231215-en
Behavioral task
behavioral16
Sample
61C0810A23580CF492A6BA4F7654566108331E7A4134C968C2D6A05261B2D8A1.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral17
Sample
676A2A0D88A79012300A63092DA090F5B0D0BDFC105541732254E0AE1FEB2FCB.exe
Resource
win7-20231215-en
Behavioral task
behavioral18
Sample
676A2A0D88A79012300A63092DA090F5B0D0BDFC105541732254E0AE1FEB2FCB.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral19
Sample
73D29DEAC41E022CE77730F74D5EFB0828F56D1F2BEB91FD24ABC867F851FE09.exe
Resource
win7-20231215-en
Behavioral task
behavioral20
Sample
73D29DEAC41E022CE77730F74D5EFB0828F56D1F2BEB91FD24ABC867F851FE09.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral21
Sample
81EFD50EB374AD2176E2655AF10276079F733C0592E83E3A044253DCBE06F329.exe
Resource
win7-20231129-en
Behavioral task
behavioral22
Sample
81EFD50EB374AD2176E2655AF10276079F733C0592E83E3A044253DCBE06F329.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral23
Sample
8E83C0F6566169AF1CF6C28670DCEE6EDEB15D0913AA24AD3831C9F97EB42307.exe
Resource
win7-20231215-en
Behavioral task
behavioral24
Sample
8E83C0F6566169AF1CF6C28670DCEE6EDEB15D0913AA24AD3831C9F97EB42307.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral25
Sample
99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe
Resource
win7-20231215-en
Behavioral task
behavioral26
Sample
99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral27
Sample
B1E12D0216A946329FE549E09BF481D7DF9E8E3BC3F99BC24D9940CBB8F76F06.exe
Resource
win7-20231215-en
Behavioral task
behavioral28
Sample
B1E12D0216A946329FE549E09BF481D7DF9E8E3BC3F99BC24D9940CBB8F76F06.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral29
Sample
C6185A23C51B8AC77E6C1BDF2CD4A8D39B02AF8B8027D4162CF9766D19CF87C8.exe
Resource
win7-20231215-en
Behavioral task
behavioral30
Sample
C6185A23C51B8AC77E6C1BDF2CD4A8D39B02AF8B8027D4162CF9766D19CF87C8.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral31
Sample
CDCFEDDB0ACA42E65E6A4822C1F23DF7C4AE92775EBCC0B45D4160B732B0983E.exe
Resource
win7-20231215-en
General
-
Target
676A2A0D88A79012300A63092DA090F5B0D0BDFC105541732254E0AE1FEB2FCB.exe
-
Size
1.7MB
-
MD5
7687cbe6769001af75b61c8e053221f2
-
SHA1
5723b7d6c6dbd2a3d1a7671ab95a28921525f5fd
-
SHA256
676a2a0d88a79012300a63092da090f5b0d0bdfc105541732254e0ae1feb2fcb
-
SHA512
d52da2ef2a8d4f671b2b69aeb90d85a1627252c6090cc77569bf5a38407f1adb8158c5caf9572c13fecd57bef5bfe50558eca62b744cae699ea8778c251903dc
-
SSDEEP
24576:eNcBtkdOdTNpGu522pL8cX2QrOtUUqi8BQLvYOHgDD/bcNuh+S1hKlMLkhWgvoNT:51bGCfL8cX2N2UhLAX/+uh+S14sBZ
Malware Config
Signatures
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
description ioc Process
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion Windows Loader1.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate Windows Loader1.exe
-
Executes dropped EXE 1 IoCs
pid Process 2972 Windows Loader1.exe -
Loads dropped DLL 4 IoCs
pid Process
2184 676A2A0D88A79012300A63092DA090F5B0D0BDFC105541732254E0AE1FEB2FCB.exe
2184 676A2A0D88A79012300A63092DA090F5B0D0BDFC105541732254E0AE1FEB2FCB.exe
2184 676A2A0D88A79012300A63092DA090F5B0D0BDFC105541732254E0AE1FEB2FCB.exe
2184 676A2A0D88A79012300A63092DA090F5B0D0BDFC105541732254E0AE1FEB2FCB.exe
-
resource yara_rule
behavioral17/files/0x000f0000000122e1-3.dat upx
behavioral17/files/0x000f0000000122e1-5.dat upx
behavioral17/memory/2184-6-0x00000000034B0000-0x00000000036D3000-memory.dmp upx
behavioral17/files/0x000f0000000122e1-8.dat upx
behavioral17/files/0x000f0000000122e1-13.dat upx
behavioral17/files/0x000f0000000122e1-11.dat upx
behavioral17/memory/2972-17-0x0000000000400000-0x0000000000623000-memory.dmp upx
behavioral17/files/0x000f0000000122e1-16.dat upx
behavioral17/files/0x000f0000000122e1-18.dat upx
behavioral17/memory/2972-82-0x0000000000400000-0x0000000000623000-memory.dmp upx
behavioral17/memory/2972-83-0x0000000000400000-0x0000000000623000-memory.dmp upx
behavioral17/memory/2972-84-0x0000000000400000-0x0000000000623000-memory.dmp upx
behavioral17/memory/2972-85-0x0000000000400000-0x0000000000623000-memory.dmp upx
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 2 IoCs
description ioc Process
Key created \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS Windows Loader1.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct Windows Loader1.exe
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2972 Windows Loader1.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2972 Windows Loader1.exe -
Suspicious use of AdjustPrivilegeToken 4 IoCs
description pid Process
Token: 33 2972 Windows Loader1.exe
Token: SeIncBasePriorityPrivilege 2972 Windows Loader1.exe
Token: 33 2972 Windows Loader1.exe
Token: SeIncBasePriorityPrivilege 2972 Windows Loader1.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2972 Windows Loader1.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2184 wrote to memory of 2972 2184 676A2A0D88A79012300A63092DA090F5B0D0BDFC105541732254E0AE1FEB2FCB.exe 28
PID 2184 wrote to memory of 2972 2184 676A2A0D88A79012300A63092DA090F5B0D0BDFC105541732254E0AE1FEB2FCB.exe 28
PID 2184 wrote to memory of 2972 2184 676A2A0D88A79012300A63092DA090F5B0D0BDFC105541732254E0AE1FEB2FCB.exe 28
PID 2184 wrote to memory of 2972 2184 676A2A0D88A79012300A63092DA090F5B0D0BDFC105541732254E0AE1FEB2FCB.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\676A2A0D88A79012300A63092DA090F5B0D0BDFC105541732254E0AE1FEB2FCB.exe "C:\Users\Admin\AppData\Local\Temp\676A2A0D88A79012300A63092DA090F5B0D0BDFC105541732254E0AE1FEB2FCB.exe" 1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2184 -
C:\Users\Admin\AppData\Local\Temp\Windows Loader1.exe "C:\Users\Admin\AppData\Local\Temp\Windows Loader1.exe" 2⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2972
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
335KB
MD5 0b7bc397d50b7bb8eaa1b72955b67ba5
SHA1 062baec6122a88779efdf5313505d1dd158b89c1
SHA256 c2bee3dd478d919e50ecdd5307e912da06bf68634a821e21d4281c9c3b702856
SHA512 ad6287b32fc94f4903167a11fc85675eb70af0e6083c627711a0b5192e0f98674cb352c96ac3a78bec30d7475667900731df6be58addd9e695a3c605ebb282cd
-
Filesize
295KB
MD5 572c822391173c7de4ed431a311be299
SHA1 2176304ad1a366d395258329d78c3e39bc467542
SHA256 e2677519969f2082a54880fafa8b62e2af9a4249efd38290b45cd65f253efdd1
SHA512 8c1771733a226da14acf31dbebeeb2be1bd30565da93bfb1b929a1818cd4ddc9b910761f22bad81be19f3d89aedc0948d5869f7497cfaa1e599464ddb35a6d99
-
Filesize
2.1MB
MD5 fe3c3522989f87fd71df1ae64d95c2c5
SHA1 143c3ec1dfd6d60b5d6e5b77839df6166b725bc5
SHA256 e2453769fb16dd6eea16f14152598cb0a1bf9943e3708ec22822dfb7e70dc8b3
SHA512 ab8b1aeb3ba0c1754849c7445741aea54f0aa6ef3da750460418f20cbc642c625aca6e46361c6988ec54ddc1e268ae4178d5794cad45d1a36a413ca8f5630d29
-
Filesize
524KB
MD5 cd0057264e3af0ad4573483af6ccbc75
SHA1 9a980d13e76245fc6eb110eef5f8fae73878f112
SHA256 303241a9be455d278a722b511742838c02c127105b277f3764e8aa113d5143f2
SHA512 3864ee733f72fcad2b3a56e6ba8ed7fb615185a2a72cfe2c6422c01e056f274d2f18e0f0e713bc727da170767ebcbd7879a0a01cb296e7afd0ab6f5fe59eb198
-
Filesize
568KB
MD5 db9546997dbd84c190f57c9ffe2fb621
SHA1 d91e21772598a5c03ac68e83da9cab1b71005816
SHA256 4c3080c6c115d5214577eec912b551618fae6459930c82e5f8805a215af418d0
SHA512 692a044638907880de756bf83dc6a75c4d86a8c6cc2b6eff4be214daf00cba3042345e762bd0d29eaed9bd48d46c849295e326115f7fb9c6b93e9d362a04cd10
-
Filesize
1.9MB
MD5 b423e530ec1794a1a9c7b306e013fafc
SHA1 836cc4bfa4bbbf10594b0ffee8b52ed30cdf572f
SHA256 6d1e433d2e3032c14201c76d50f4aa9accf02b8c12465e483c4bcc5eb9d280d0
SHA512 985d2f332da20bbeaabac7e8958830c7184289897b5a2fc08e7548fc081926a27f73fccc7ba32c5fef0aa3b2b45396e6c38697afa97e3fe5c5cf7786663a700b
-
Filesize
799KB
MD5 46abb36be3352d28195d3dec52132b30
SHA1 aac49b28c66b22e5e3aa7669aef3102d7d17f992
SHA256 edfbf44ef46ed7c91d789b631ee9b336239121a23134d38a72eb06fe58fdad90
SHA512 8feec58fa68ffe74b5a98bf2592c94e57b67e2aec0c0e6a3de82efc62bcf36e066f2914ea9957eedeaefdb5963696ded8a0b4c6d8d9540cb39e7c793f4b5a602