Overview

overview

7

Static

static

3

Dps Sex Sc...MB.exe

windows7-x64

7

Dps Sex Sc...MB.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    22-01-2024 17:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Dps Sex Scandal Online 718MB.exe

  • Size

    213KB

  • MD5

    53ce02cf446dfbe4c37c9a6045a5811e

  • SHA1

    991b146dbd344798e6529c71cfe6033a52ddb5fd

  • SHA256

    793f21c64be578414f8f58ce69c3705b2d4dbd1ee3c291ad0ef26dc7ad959599

  • SHA512

    f1266c41a27a7d54043ebd9014c9da7ce44a68cccab94883f4f8f51078b00f7dbc00147b404c977390c7856df1c53d23d438564c257ab37135fef154cf010beb

  • SSDEEP

    3072:R0TGuenFBt2k2+ceJCK49glnt2b4LHXm70alQ/mRoOorL:R0TbenfwkqKvntZLHWn6mKOof

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Unexpected DNS network traffic destination 4 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Drops desktop.ini file(s) 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1376
    • C:\Users\Admin\AppData\Local\Temp\Dps Sex Scandal Online 718MB.exe
      "C:\Users\Admin\AppData\Local\Temp\Dps Sex Scandal Online 718MB.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1736
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe"
        3⤵
        • Deletes itself
        PID:2660
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    1⤵
      PID:864
      • C:\Windows\system32\wbem\WMIADAP.EXE
        wmiadap.exe /F /T /R
        2⤵
          PID:1048
      • C:\Windows\system32\csrss.exe
        %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
        1⤵
        • Executes dropped EXE
        • Drops desktop.ini file(s)
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:340
      • C:\Windows\system32\wbem\wmiprvse.exe
        C:\Windows\system32\wbem\wmiprvse.exe -Embedding
        1⤵
          PID:2544

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\system32\consrv.dll
          Filesize

          52KB

          MD5

          6bf2039986af96d98e08824ac6c383fd

          SHA1

          0bb6384656a96943cb427baa92446f987219a02e

          SHA256

          a3e03454ff636f4cdd0a95b856ea9e7857cd3ce0fd2bc6d528ab45781349103f

          SHA512

          fae378badcd6b45d69705d11fe5feb2d9f93fa444249c13aff9b150359ffdbcfe2b160731e193d3e19b6eef18d2ef01de41549a1c2bbdf59501f901511f9068e

          Download Submit

        • \??\globalroot\systemroot\assembly\temp\@
          Filesize

          2KB

          MD5

          1f9fe274701f8a37be82ca1c3c906fc9

          SHA1

          00996f3c62436f150b6f6504da076e549cab58ff

          SHA256

          8ac2cbe5aaf5925673031e6049baafb1dad1f832e10b1adc808e875806ae7a34

          SHA512

          cf2be4f753f93e95a061cc5ef8aaef77720234b94cffa0a40b2a5ea5c899e34d0666adbbb1cb0113d96f48c8f3b080bd7eb8d54db4b604b64a338aa43db3143e

          Download Submit

        • memory/340-29-0x0000000002550000-0x0000000002561000-memory.dmp

          Filesize

          68KB

          Download

        • memory/340-28-0x0000000002AC0000-0x0000000002AC2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/340-23-0x0000000002550000-0x0000000002561000-memory.dmp

          Filesize

          68KB

          Download

        • memory/340-21-0x0000000002550000-0x0000000002561000-memory.dmp

          Filesize

          68KB

          Download

        • memory/864-31-0x0000000000290000-0x000000000029B000-memory.dmp

          Filesize

          44KB

          Download

        • memory/864-32-0x0000000000280000-0x0000000000288000-memory.dmp

          Filesize

          32KB

          Download

        • memory/864-44-0x00000000002A0000-0x00000000002AB000-memory.dmp

          Filesize

          44KB

          Download

        • memory/864-43-0x00000000002A0000-0x00000000002AB000-memory.dmp

          Filesize

          44KB

          Download

        • memory/864-41-0x00000000002A0000-0x00000000002AB000-memory.dmp

          Filesize

          44KB

          Download

        • memory/864-36-0x0000000000290000-0x000000000029B000-memory.dmp

          Filesize

          44KB

          Download

        • memory/864-40-0x0000000000290000-0x000000000029B000-memory.dmp

          Filesize

          44KB

          Download

        • memory/1376-6-0x0000000002AD0000-0x0000000002AD6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1376-15-0x0000000002AC0000-0x0000000002AC2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1376-10-0x0000000002AD0000-0x0000000002AD6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1376-14-0x0000000002AD0000-0x0000000002AD6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1736-5-0x0000000000400000-0x0000000000446000-memory.dmp

          Filesize

          280KB

          Download

        • memory/1736-0-0x0000000000400000-0x0000000000446000-memory.dmp

          Filesize

          280KB

          Download

        • memory/1736-3-0x0000000000280000-0x0000000000281000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1736-1-0x0000000000400000-0x0000000000446000-memory.dmp

          Filesize

          280KB

          Download

        • memory/1736-27-0x0000000000400000-0x0000000000446000-memory.dmp

          Filesize

          280KB

          Download

        • memory/1736-2-0x0000000000230000-0x0000000000276000-memory.dmp

          Filesize

          280KB

          Download

        • memory/1736-26-0x0000000000230000-0x0000000000276000-memory.dmp

          Filesize

          280KB

          Download

        • memory/1736-25-0x0000000000400000-0x0000000000446000-memory.dmp

          Filesize

          280KB

          Download

        • memory/1736-4-0x0000000000220000-0x0000000000221000-memory.dmp

          Filesize

          4KB

          Download