Analysis

  • max time kernel
    130s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-01-2024 08:43

General

  • Target
    srodus.exe
  • Size
    152KB
  • MD5
    a9611e59f5b26530f2f0b63da3847228
  • SHA1
    e8ebf8efd94b42f0578392483d88aa237d261543
  • SHA256
    e45438fb72a822ad3f3d1578bcbcc88e1f66d14ca6c3b6a620812d6191ed343d
  • SHA512
    e9b8a0ad66e03d87bb5b4fd89ffcdce5879cc3724290aeda4e85620611681d7311dcfea685cfb574d34732daa8417607a3b769a5839b01846377595a67ed74fd
  • SSDEEP
    3072:wf4Zp1MIrIf4lO6VogYx4q+wZoCXiZxnLWmEj:LZpyIrIw1q+kPUL

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 30 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\srodus.exe
    "C:\Users\Admin\AppData\Local\Temp\srodus.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4888
    • C:\Program Files (x86)\msiexec.exe
      "C:\Program Files (x86)\msiexec.exe" -Puppet
      2⤵
      • Executes dropped EXE
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      PID:3008

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Program Files (x86)\msiexec.exe
    Filesize
    58KB
    MD5
    9d09dc1eda745a5f87553048e57620cf
    SHA1
    1d0c7cfca8104d06de1f08b97f28b3520c246cd7
    SHA256
    3a90ede157d40a4db7859158c826f7b4d0f19a5768f6483c9be6ee481c6e1af7
    SHA512
    2be940f0468f77792c6e1b593376900c24ff0b0fae8dc2e57b05596506789aa76119f8be780c57252f74cd1f0c2fa7223fe44ae4fa3643c26df00dd42bd4c016
  • C:\Users\Admin\Documents\msedge.exe
    Filesize
    152KB
    MD5
    a9611e59f5b26530f2f0b63da3847228
    SHA1
    e8ebf8efd94b42f0578392483d88aa237d261543
    SHA256
    e45438fb72a822ad3f3d1578bcbcc88e1f66d14ca6c3b6a620812d6191ed343d
    SHA512
    e9b8a0ad66e03d87bb5b4fd89ffcdce5879cc3724290aeda4e85620611681d7311dcfea685cfb574d34732daa8417607a3b769a5839b01846377595a67ed74fd
  • memory/4888-0-0x00000000023E0000-0x000000000242E000-memory.dmp
    Filesize
    312KB
  • memory/4888-1-0x0000000010000000-0x000000001001A000-memory.dmp
    Filesize
    104KB