Overview

overview

10

Static

static

3

7f33bacbd7...de.exe

windows7-x64

9

7f33bacbd7...de.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29-01-2024 07:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7f33bacbd78bf143a1f8a52b1f8b4cde.exe

  • Size

    3.2MB

  • MD5

    7f33bacbd78bf143a1f8a52b1f8b4cde

  • SHA1

    97ce3f3084b8db04be526422bf9a1feb0d476e25

  • SHA256

    03957e1a76e380308206465031a99a1db9e7afce4b82e021f0f8f94888b791b2

  • SHA512

    c4dd06b99cbe62a1eb3119bdbfac096f9e54328873d8b26b7139ecd89b9ad51c83d97afed519fb81ff9b94fe2df3cbb3c746cec8ed2722af797c4a03d8e5ea08

  • SSDEEP

    98304:TKC6+yhQD2OYZGQRticLcM1cVr9D0mDpg84G:+CpYQClrRIcLcMir9DrDp

Score
9/10

Malware Config

Signatures

  • CustAttr .NET packer 1 IoCs

    Detects CustAttr .NET packer in memory.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f33bacbd78bf143a1f8a52b1f8b4cde.exe
    "C:\Users\Admin\AppData\Local\Temp\7f33bacbd78bf143a1f8a52b1f8b4cde.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WZTuVE" /XML "C:\Users\Admin\AppData\Local\Temp\tmpF170.tmp"
      2⤵
      • Creates scheduled task(s)
      PID:2580
    • C:\Users\Admin\AppData\Local\Temp\7f33bacbd78bf143a1f8a52b1f8b4cde.exe
      "C:\Users\Admin\AppData\Local\Temp\7f33bacbd78bf143a1f8a52b1f8b4cde.exe"
      2⤵
        PID:3012
      • C:\Users\Admin\AppData\Local\Temp\7f33bacbd78bf143a1f8a52b1f8b4cde.exe
        "C:\Users\Admin\AppData\Local\Temp\7f33bacbd78bf143a1f8a52b1f8b4cde.exe"
        2⤵
          PID:2296
        • C:\Users\Admin\AppData\Local\Temp\7f33bacbd78bf143a1f8a52b1f8b4cde.exe
          "C:\Users\Admin\AppData\Local\Temp\7f33bacbd78bf143a1f8a52b1f8b4cde.exe"
          2⤵
            PID:2148
          • C:\Users\Admin\AppData\Local\Temp\7f33bacbd78bf143a1f8a52b1f8b4cde.exe
            "C:\Users\Admin\AppData\Local\Temp\7f33bacbd78bf143a1f8a52b1f8b4cde.exe"
            2⤵
              PID:3056
            • C:\Users\Admin\AppData\Local\Temp\7f33bacbd78bf143a1f8a52b1f8b4cde.exe
              "C:\Users\Admin\AppData\Local\Temp\7f33bacbd78bf143a1f8a52b1f8b4cde.exe"
              2⤵
                PID:3008

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\tmpF170.tmp
              Filesize

              1KB

              MD5

              7ae7204d2a74da42e34dafbef2648019

              SHA1

              7a4bc105effdc2a611e4d983d5f633fa27824831

              SHA256

              108f491ad8cbe4de53263c73faa0d38efd13ee25ecce31378db3b75cda298524

              SHA512

              2892bc17e703450b1e1d4c036b529bfbbe7f81c1bff3082ed01f122a195de4e4f30afb60f7de1242ff5446979e1d1fe9de483571ddd6671b1070d424262cbf4e

              Download Submit

            • memory/2080-1-0x00000000745C0000-0x0000000074CAE000-memory.dmp

              Filesize

              6.9MB

              Download

            • memory/2080-0-0x0000000000120000-0x0000000000454000-memory.dmp

              Filesize

              3.2MB

              Download

            • memory/2080-2-0x00000000024C0000-0x0000000002500000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2080-3-0x0000000000530000-0x0000000000542000-memory.dmp

              Filesize

              72KB

              Download

            • memory/2080-4-0x00000000745C0000-0x0000000074CAE000-memory.dmp

              Filesize

              6.9MB

              Download

            • memory/2080-5-0x00000000024C0000-0x0000000002500000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2080-6-0x0000000007030000-0x00000000072B2000-memory.dmp

              Filesize

              2.5MB

              Download

            • memory/2080-7-0x00000000092B0000-0x0000000009678000-memory.dmp

              Filesize

              3.8MB

              Download

            • memory/2080-13-0x00000000745C0000-0x0000000074CAE000-memory.dmp

              Filesize

              6.9MB

              Download