Overview

Score by task (out of 10):

  Static                                       10
  DOC6010038709-PO.exe    windows7-x64          3
  DOC6010038709-PO.exe    windows10-2004-x64   10
  $PLUGINSDI...em.dll     windows7-x64         10
  $PLUGINSDI...em.dll     windows10-2004-x64    3
  $PLUGINSDI...gs.dll     windows7-x64          3
  $PLUGINSDI...gs.dll     windows10-2004-x64    3
  $PLUGINSDI...ec.dll     windows7-x64          3
  $PLUGINSDI...ec.dll     windows10-2004-x64    3
  Proctodyni...de.app     macos-10.15-amd64     3
Analysis

  Max time kernel:   89s
  Max time network:  143s
  Platform:          windows10-2004_x64
  Resource:          win10v2004-20231215-en
  Resource tags:     arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  Submitted:         22-01-2024 16:41
Tasks

  static1      Static task
  behavioral1  DOC6010038709-PO.exe         win7-20231129-en
  behavioral2  DOC6010038709-PO.exe         win10v2004-20231215-en
  behavioral3  $PLUGINSDIR/System.dll       win7-20231129-en
  behavioral4  $PLUGINSDIR/System.dll       win10v2004-20231222-en
  behavioral5  $PLUGINSDIR/nsDialogs.dll    win7-20231215-en
  behavioral6  $PLUGINSDIR/nsDialogs.dll    win10v2004-20231215-en
  behavioral7  $PLUGINSDIR/nsExec.dll       win7-20231215-en
  behavioral8  $PLUGINSDIR/nsExec.dll       win10v2004-20231215-en
  behavioral9  Proctodynia/megapode.app     macos-20231201-en

$PLUGINSDIR is the plugin directory of an NSIS installer, and System.dll, nsDialogs.dll and nsExec.dll are the standard NSIS plugins, so the submitted executable is an NSIS-built installer whose embedded files were extracted and queued as their own tasks.
General

  Target:  DOC6010038709-PO.exe
  Size:    401KB
  MD5:     5ad5fcac5705acde3ed51ae6b3c2c0b1
  SHA1:    77a26b80323ac8e1f172d8ce980120454ed53939
  SHA256:  52dd1ddf925baa01a172d0e420ec8833a10726ee7a7dcfc2a55f1e04f47c6a63
  SHA512:  1b472fc9a53b6a8864176dbd7e1ce91dccdae9c6dcf9716274c80011368275dc1f3c2098287bd32d708ce18214b048113fdc59cefd3a106a1d2b6ddaee304a27
  SSDEEP:  12288:3kvqcSBHwEbBn+mDZVKxRu2GfWLpcCoJt:9wOTZVKbgWLCCat
Signatures

Azorult
  An information stealer first discovered in 2016, targeting browsing history and passwords.

Guloader, Cloudeye
  A shellcode-based downloader first seen in 2020.

Loads dropped DLL (4 IoCs)
  Processes: DOC6010038709-PO.exe (PID 1608), four loads

Suspicious use of NtCreateThreadExHideFromDebugger (1 IoC)
  Processes: DOC6010038709-PO.exe (PID 1660)

Suspicious use of NtSetInformationThreadHideFromDebugger (2 IoCs)
  Processes: DOC6010038709-PO.exe (PID 1608), DOC6010038709-PO.exe (PID 1660)

Suspicious use of SetThreadContext (1 IoC)
  PID 1608 (DOC6010038709-PO.exe) set the thread context of PID 1660 (DOC6010038709-PO.exe)

Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

Suspicious behavior: MapViewOfSection (1 IoC)
  Processes: DOC6010038709-PO.exe (PID 1608)

Suspicious use of WriteProcessMemory (5 IoCs)
  PID 1608 (DOC6010038709-PO.exe) wrote to the memory of PID 1660 (DOC6010038709-PO.exe), five times

Read together, the WriteProcessMemory and SetThreadContext hits show PID 1608 writing into a second instance of its own image (PID 1660, its child) and then redirecting a thread there, which is consistent with process hollowing of a child copy of itself: the hand-off a shellcode loader such as GuLoader needs before it can fetch and run its payload. Both instances additionally hide threads from an attached debugger (ThreadHideFromDebugger via NtSetInformationThread, and the equivalent NtCreateThreadEx flag in the child), so a debugger attached to either process will not receive events from those threads.
Processes

  1. C:\Users\Admin\AppData\Local\Temp\DOC6010038709-PO.exe
     Command line: "C:\Users\Admin\AppData\Local\Temp\DOC6010038709-PO.exe"
     PID: 1608
       - Loads dropped DLL
       - Suspicious use of NtSetInformationThreadHideFromDebugger
       - Suspicious use of SetThreadContext
       - Suspicious behavior: MapViewOfSection
       - Suspicious use of WriteProcessMemory

     2. C:\Users\Admin\AppData\Local\Temp\DOC6010038709-PO.exe  (child of PID 1608)
        Command line: "C:\Users\Admin\AppData\Local\Temp\DOC6010038709-PO.exe"
        PID: 1660
          - Suspicious use of NtCreateThreadExHideFromDebugger
          - Suspicious use of NtSetInformationThreadHideFromDebugger
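The injection chain described by the signatures and the process tree above can be recovered mechanically from the per-process events. The following is an added example, not code from the sandbox report or its vendor: it parses the report's hits (transcribed here as constructed "pid op target" lines; the sandbox's real export format differs) and the process tree, groups cross-process operations by source/target pair, and flags any pair that both wrote into the target and redirected one of its threads, noting whether the target is a child running the same image. It also lists which PIDs hid threads from a debugger.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional, Set, Tuple


class Event(NamedTuple):
    pid: int
    op: str
    target: Optional[int]  # pid acted upon; None for in-process operations


# Constructed input: the report's per-process signature hits, flattened to
# "pid op target". Only the PIDs, operations and counts come from the report;
# the line format is an assumption made for this example.
EVENTS = """
1608 LoadsDroppedDLL -
1608 LoadsDroppedDLL -
1608 LoadsDroppedDLL -
1608 LoadsDroppedDLL -
1608 NtSetInformationThreadHideFromDebugger -
1608 SetThreadContext 1660
1608 MapViewOfSection -
1608 WriteProcessMemory 1660
1608 WriteProcessMemory 1660
1608 WriteProcessMemory 1660
1608 WriteProcessMemory 1660
1608 WriteProcessMemory 1660
1660 NtCreateThreadExHideFromDebugger -
1660 NtSetInformationThreadHideFromDebugger -
"""

# Constructed process table from the report's process tree: pid -> (parent pid, image).
PROCESSES: Dict[int, Tuple[Optional[int], str]] = {
    1608: (None, "DOC6010038709-PO.exe"),
    1660: (1608, "DOC6010038709-PO.exe"),
}

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\d+|-)$")

# Cross-process operations that, combined, form the hollowing / thread-hijack
# pattern: the source writes code into the target, then points a target thread at it.
WRITE_OPS = {"WriteProcessMemory", "MapViewOfSection"}
CONTEXT_OPS = {"SetThreadContext"}
# In-process anti-debugging: threads hidden from an attached debugger.
ANTI_DEBUG_OPS = {"NtSetInformationThreadHideFromDebugger", "NtCreateThreadExHideFromDebugger"}


def parse_events(text: str) -> List[Event]:
    """Parse the constructed 'pid op target' lines; '-' means no target process."""
    events: List[Event] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable event line: {line!r}")
        pid, op, target = m.groups()
        events.append(Event(int(pid), op, None if target == "-" else int(target)))
    return events


def find_injection_chains(events: List[Event], processes: Dict[int, Tuple[Optional[int], str]]) -> List[dict]:
    """Group cross-process operations by (source, target) and report each pair
    that both wrote into the target and redirected one of its threads."""
    per_pair = defaultdict(lambda: {"writes": 0, "contexts": 0, "ops": set()})
    for ev in events:
        if ev.target is None or ev.target == ev.pid:
            continue  # in-process activity is not injection
        rec = per_pair[(ev.pid, ev.target)]
        rec["ops"].add(ev.op)
        rec["writes"] += ev.op in WRITE_OPS
        rec["contexts"] += ev.op in CONTEXT_OPS
    chains = []
    for (src, dst), rec in sorted(per_pair.items()):
        if rec["writes"] == 0 or rec["contexts"] == 0:
            continue  # writing alone (or context alone) is not the full pattern
        _, src_image = processes.get(src, (None, "?"))
        dst_parent, dst_image = processes.get(dst, (None, "?"))
        chains.append({
            "source": src,
            "target": dst,
            "write_count": rec["writes"],
            "target_is_child": dst_parent == src,
            "same_image": src_image == dst_image,  # a hollowed copy of itself
            "ops": sorted(rec["ops"]),
        })
    return chains


def anti_debug_pids(events: List[Event]) -> Set[int]:
    """PIDs that hid at least one thread from a debugger."""
    return {ev.pid for ev in events if ev.op in ANTI_DEBUG_OPS}


if __name__ == "__main__":
    evs = parse_events(EVENTS)
    for chain in find_injection_chains(evs, PROCESSES):
        print(f"PID {chain['source']} -> PID {chain['target']}: {chain['write_count']} write(s), "
              f"child={chain['target_is_child']}, same image={chain['same_image']}, ops={chain['ops']}")
    print("anti-debug PIDs:", sorted(anti_debug_pids(evs)))
```

On the report's events this yields a single chain, 1608 to 1660, with five writes into a child running the same image and both PIDs in the anti-debug set. The pairing requirement (a write plus a thread-context change on the same target) is what keeps ordinary parent/child relationships and single WriteProcessMemory calls, which many legitimate installers perform, from being flagged on their own.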
Downloads

  File 1
    Filesize:  11KB
    MD5:       17ed1c86bd67e78ade4712be48a7d2bd
    SHA1:      1cc9fe86d6d6030b4dae45ecddce5907991c01a0
    SHA256:    bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb
    SHA512:    0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

  File 2
    Filesize:  9KB
    MD5:       42b064366f780c1f298fa3cb3aeae260
    SHA1:      5b0349db73c43f35227b252b9aa6555f5ede9015
    SHA256:    c13104552b8b553159f50f6e2ca45114493397a6fa4bf2cbb960c4a2bbd349ab
    SHA512:    50d8f4f7a3ff45d5854741e7c4153fa13ee1093bafbe9c2adc60712ed2fb505c9688dd420d75aaea1b696da46b6beccc232e41388bc2a16b1f9eea1832df1cd7

  File 3
    Filesize:  6KB
    MD5:       b55f7f1b17c39018910c23108f929082
    SHA1:      1601f1cc0d0d6bcf35799b7cd15550cd01556172
    SHA256:    c4c6fe032f3cd8b31528d7b99661f85ee22cb78746aee98ec568431d4f5043f7
    SHA512:    d652f2b09396ef7b9181996c4700b25840ceaa6c1c10080a55ce3db4c25d8d85f00a21e747f9d14a3374be4cdd4ea829a18d7de9b27b13b5e304447f3e9268fa