Overview

overview

10

Static

static

3

5876a513ef...ad.exe

windows7-x64

10

5876a513ef...ad.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    13-01-2024 08:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5876a513ef6a2f42cc31589a485c1aad.exe

  • Size

    32KB

  • MD5

    5876a513ef6a2f42cc31589a485c1aad

  • SHA1

    63ebba7896c5ab34baa67523732a9849115f596a

  • SHA256

    4fc4a55876b8c78e8375e1ff6da5f50765ee120c6534449eee831740a167a8b2

  • SHA512

    f7cfc287750d0a9942323f82ed5e440cd9c9f8328fcf6a238bf5e704a5562cb70eab22d486f322e4ddcabe63bde8b7f80b411254e6718bff892deaf66aff9c78

  • SSDEEP

    768:FpGnGNxT8f3/IY+vngEjUoKYH0bxyJsu0nK6aC/7gDj9XFtH:FYnG3T83IpvgKguWxyoK6aCaj

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5876a513ef6a2f42cc31589a485c1aad.exe
    "C:\Users\Admin\AppData\Local\Temp\5876a513ef6a2f42cc31589a485c1aad.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1256
    • C:\Users\Admin\AppData\Local\Temp\porsche.exe
      "C:\Users\Admin\AppData\Local\Temp\porsche.exe"
      2⤵
      • Modifies WinLogon for persistence
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2224

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\porsche.exe
    Filesize

    56KB

    MD5

    c10a66c0e1925a0d2e5cea3a58c2e746

    SHA1

    9c0e410d3291f53420b342af177b398f4b05c6f5

    SHA256

    874d686c86f7c452c2b7d5c1efd41bdb22b8f7cb58820b69102c250636e1fbd5

    SHA512

    e3695de965bd05da5ddc306901e5a7800a3a5b997e228a965cca40be48717644040fb5c9034ddf9194677337de36b3f03d47e143f7bf2c1e03565e99d028e9e3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\porsche.exe
    Filesize

    46KB

    MD5

    d265686a41ea6e69235239ca1514de68

    SHA1

    588b56eaf173c0830251a68e0555845ca9fe7eba

    SHA256

    f3d5cabc731cf09839508debe02470afca8697db3d6ba5971f3f425dba0d14b7

    SHA512

    f5076b4e2fbabcf6eca1da48d0786a3114a9a91b4b83999ddcf3e9b3321f3cf38b3c3e31ffe446dd4a4932b2407e8f92daceda07249a9323b3c962d3f5526b6a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\porsche.exe
    Filesize

    49KB

    MD5

    d40e3e833ab178f9b983369704e1050e

    SHA1

    7acaa5b4089326fe7fdefa26551340c015fb5136

    SHA256

    459fbf27a97a6978d88a158556f7e6e87513cf563ad047434cef00f108e292b0

    SHA512

    3b6676a6cb17e766395dc11efbe41e5f5bb29106267a4ef9eebbc9e894886295c6b6af681701372d8442142f98863622ee8e5e30f71ea59981a17edb2369dbd3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\porsche.exe
    Filesize

    30KB

    MD5

    d9cfde7eef19cf89ef6d871e2473b7ca

    SHA1

    a67e4e99ca3a30f7bc4f6048fc33ef108fee65e3

    SHA256

    d2b3a688da6b2eea5903f002a0e95c8825883c35434bdc8515e144fbdd14f8eb

    SHA512

    77c556cce878bca4f03fee9a4c36e95476cb887f076e78027a8bc41a6c97983a87c61d05ab0ecb6f928346e2077ac0ba10b578a5c134d5f59f58ffa87276f703

    Download Submit

  • memory/2224-15-0x0000000014E00000-0x0000000014E0F000-memory.dmp

    Filesize

    60KB

    Download