Analysis

max time kernel: 120s
max time network: 124s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 25-01-2024 02:24

Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: 737d02c261755ff5c920fa52d4f03fce.exe
Resource: win7-20231129-en
3 signatures
150 seconds
General

Target: 737d02c261755ff5c920fa52d4f03fce.exe
Size: 758KB
MD5: 737d02c261755ff5c920fa52d4f03fce
SHA1: bf966e82d41c1fe537763339fa779e3ba9236331
SHA256: 50f41c07db1d0d625cd0746a78dc15a1193f4fd0f80e6a4df40315f24efe2110
SHA512: 83f0abaacb5c470d31372d97a0aae5e64bfbb73c401341e71be9d65984346d4ea68cae09a400f36567daf604e81db4d3806dfffbf5e2c4668e8c079688382bfb
SSDEEP: 12288:LfzsUnViD0DUj9rIS7M1NAFZaquBKFrj+59APMQme+alY7WSmdAon:LYUED0YjdIALar0OADR+afSy
Malware Config

Extracted
Family: cryptbot
C2:
  ewaisg12.top
  morvay01.top
Attributes:
  payload_url: http://winezo01.top/download.php?file=lv.exe
Signatures

CryptBot payload (4 IoCs)
Processes:
  resource                                                                    yara_rule
  behavioral1/memory/2936-2-0x0000000001D20000-0x0000000001E01000-memory.dmp  family_cryptbot
  behavioral1/memory/2936-3-0x0000000000400000-0x00000000004E5000-memory.dmp  family_cryptbot
  behavioral1/memory/2936-7-0x0000000001D20000-0x0000000001E01000-memory.dmp  family_cryptbot
  behavioral1/memory/2936-6-0x0000000000400000-0x00000000004E5000-memory.dmp  family_cryptbot

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes: 737d02c261755ff5c920fa52d4f03fce.exe
  description        ioc                                                                                 process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                     737d02c261755ff5c920fa52d4f03fce.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  737d02c261755ff5c920fa52d4f03fce.exe