Analysis

  • max time kernel
    151s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-01-2024 01:23

General

  • Target

    6920aa5adac327d0b77bcbcf2c105098.exe

  • Size

    701KB

  • MD5

    6920aa5adac327d0b77bcbcf2c105098

  • SHA1

    750a44564b2a4f5199c3be46183ea7ed12215f29

  • SHA256

    b937f9098ea56ff4120f21634aaf765cd11f62950cbcf1f4727cc673785a9560

  • SHA512

    1257bea8df52390bc0a158eabb1a931340fefc18161884d4901ccc2a836d818ffe766850e23311885fdae315a7245303a35eb0970868506bb245fc92c6bb2aad

  • SSDEEP

    12288:u6i7jDNvrm737MOxTAc2NT0c7C4S5JfsZmjb2c36kMtEcZua+rCR8/6Pdfr84elm:zYvkz7Fm07Cwb2cjMScZua+rCR8aIXov

Malware Config

Extracted

Family

cryptbot

C2

fokuti41.top

morwiv04.top

Attributes
  • payload_url

    http://nybyoi06.top/download.php?file=lv.exe

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\6920aa5adac327d0b77bcbcf2c105098.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\6920aa5adac327d0b77bcbcf2c105098.exe"
    PID: 2376
    • Checks processor information in registry
    • Suspicious use of FindShellTrayWindow

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\eKaFFUjNkGb\SLfJRKXSKGeA.zip

    Filesize

    46KB

    MD5

    013ceea176da651e55d1075865117677

    SHA1

    914a1d6f8b44e0a855097a38e2953eb6325d7b21

    SHA256

    b223e2d9cc8e0b7a4ddb1424fcb3a0d554f5d8734b37fe120937c72fb8471d0f

    SHA512

    0784e9e2a29c03b47da5b1fc57015ebf780eb7b2d8772642a9947577c5376a8a4bb76f6192248fae0355eaebefeaaf425a366515cb7217d89c4373cecc10fe6b

  • C:\Users\Admin\AppData\Local\Temp\eKaFFUjNkGb\_Files\_Information.txt

    Filesize

    1KB

    MD5

    947505e9747ec4eabef836abcc91b2ad

    SHA1

    19b1f54c6eb03765167bfc62df9a600c1917b737

    SHA256

    3ff9d8a0105613e3603fc108ac0477e5ff98d7804d0a6427ba5656dad5a558da

    SHA512

    09b4ea6d97dc66ca000428eae65ac27d5e578bea1123f3096547ceb0b5526d4e72498b4278913fd3638539c5ec11faa23c85cccc8a4be8cf9189d8658b60b575

  • C:\Users\Admin\AppData\Local\Temp\eKaFFUjNkGb\_Files\_Information.txt

    Filesize

    2KB

    MD5

    041772a5665a6876e2be990aa8227a27

    SHA1

    7a2b564866678c6add46b7e1a94e3c0499659caa

    SHA256

    7e9af1c72d3f42a207c35bb98e05d689116b8bd1cf0510c7ddd77a19ba70ce5b

    SHA512

    2c6125679735a14be912ce056887a58af086d17ab6befee82f2b64f105a46ce0f39ad59a3799747a5a35bfc21e066615488aa81b6fc0e69bfc95dec6685da1e0

  • C:\Users\Admin\AppData\Local\Temp\eKaFFUjNkGb\_Files\_Information.txt

    Filesize

    7KB

    MD5

    e225d30bf20d0f79f0a34447168455af

    SHA1

    d93bf0bb31b4b156706850fd7a14c0032f1771d6

    SHA256

    72c3f6860fdf60df3ee1c7ee37e44e5b3d586553992483d1b7d0f95d84b85162

    SHA512

    0858d8fb3c982df72a20565ccc33df4e291d9bd435ea013c2abd5391d08992cce4433daeb4d52b8b2d4206b17b4312456c552ee14b7c4a962a04067339aaadb2

  • C:\Users\Admin\AppData\Local\Temp\eKaFFUjNkGb\_Files\_Screen_Desktop.jpeg

    Filesize

    51KB

    MD5

    de5b85b11b03e97ee91f21128a03e795

    SHA1

    4762cee80d9f7fab2d84f2614581fe5a347f5cb2

    SHA256

    25ea8c3709fcfcbfebc573bc1536e7abb7226a1f382455e93fcd5e655a5af287

    SHA512

    9f2e08ba7a372af623d97a9de9947c676fd6132c132efcdbee7073069ddf32ad75597e1205e8d675867e3f68f9aa6d0c09ff349ae42a81b1a7a2d94010ae2083

  • C:\Users\Admin\AppData\Local\Temp\eKaFFUjNkGb\files_\system_info.txt

    Filesize

    808B

    MD5

    dda65fdd08cc7179a5d99a2714300581

    SHA1

    f880560a51b59c7f1f1e0dd04b4aad17a54d6ca7

    SHA256

    51d86c00e9a4f16e2b0c49e9bcbfd1b149337052dc47ddbc2e66ed418d21076b

    SHA512

    1d1f2c7eff60412e6c313996cce8ff1856d97c992db05fea27c52ac2c23b3f5ab3fe1f156e097ff3927c4871f5d87d7e34ad65b855b5d127ae170ab97572e169

  • C:\Users\Admin\AppData\Local\Temp\eKaFFUjNkGb\files_\system_info.txt

    Filesize

    3KB

    MD5

    cb8ede430b3e9f6441de48e9362248b9

    SHA1

    47f7bc4655d0b69c211cdeaf792b6fc2868e55ad

    SHA256

    368c7aa2a0df76de37005cb66d22411c4cfde6947fc0b83b5045c1bb36731a1a

    SHA512

    c64f3833ff3fe280eb94d2918591fa9add94ab2836b05879469d132518d46b8743d2c6ace5bd800ceef923eb27957d3c13f78d4396f0501fc6e7374a1923294b

  • C:\Users\Admin\AppData\Local\Temp\eKaFFUjNkGb\files_\system_info.txt

    Filesize

    4KB

    MD5

    cb2ec89d1ad166671d5c904d8f76ab34

    SHA1

    a658c13d453ff92e4927b2f53d6a5a828df4a378

    SHA256

    bcfd9a8383caeeaa43158146d9b2ad9a83798844e25f9ba25cea7496bb163899

    SHA512

    049e5326a9e7d2cf9be378ced4813c1c590414a9211586275ac18ced33669b0c050c2578b3a611a767b02b28d1fe8a78cf110c273f8f1e18bcd6a54c164836dd

  • C:\Users\Admin\AppData\Local\Temp\eKaFFUjNkGb\files_\system_info.txt

    Filesize

    7KB

    MD5

    8a39e4fad89f5b2d2fb4ad699fff2302

    SHA1

    05f215572f1ddcd65f655ab76f92d1ed3d0b406d

    SHA256

    70075bf23375961dd2ac501e2aab2a4b88457d666e1c74ca09661efdcdc156ca

    SHA512

    94f1443425223ec83561c38ef3966cb71d470b3f0a6bf5f327b88aa03846cc0fb3ad56e1fab4776044cc564171272ae6c610f66f4838ae960dfce7706549da87

  • memory/2376-3-0x0000000000400000-0x0000000002BBA000-memory.dmp

    Filesize

    39.7MB

  • memory/2376-1-0x0000000004840000-0x00000000048D2000-memory.dmp

    Filesize

    584KB

  • memory/2376-205-0x0000000000400000-0x0000000002BBA000-memory.dmp

    Filesize

    39.7MB

  • memory/2376-210-0x0000000000400000-0x0000000002BBA000-memory.dmp

    Filesize

    39.7MB

  • memory/2376-213-0x0000000004840000-0x00000000048D2000-memory.dmp

    Filesize

    584KB

  • memory/2376-2-0x00000000048E0000-0x00000000049CB000-memory.dmp

    Filesize

    940KB

  • memory/2376-215-0x00000000048E0000-0x00000000049CB000-memory.dmp

    Filesize

    940KB