Overview

overview

10

Static

static

10

soan_2_2.zip

windows10-1703-x64

4

Resubmissions

02-02-2024 16:00

240202-tfn56scbeq 10

02-02-2024 15:53

240202-tbpadacafr 10

Analysis

  • max time kernel
    121s
  • max time network
    120s
  • platform
    windows10-1703_x64
  • resource
    win10-20231215-en
  • resource tags

    arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
  • submitted
    02-02-2024 15:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    soan_2_2.zip

  • Size

    17.7MB

  • MD5

    8e93520d569a6e2afed2da31224c7568

  • SHA1

    8b45cf1d65ffa2bf061222e2e35d0a3fb4739b87

  • SHA256

    94c0a9f4adcb87a5705f7ad0776b27ee6471131f21fadad162de21590669f649

  • SHA512

    a5e250e2ce0f121de7f5a89ced3a2fd0ddd69d47346c6020351bf9ee13d9522b81e86d08704392ea061fec879d92a785233218365b9db5a97f03a3daa67dccad

  • SSDEEP

    393216:+oecXb9QxDfm4ZXDqgQG/yMWIsbfq4702k6sncVsLGBAYOD6C:+oe0b9QxDfBdDqgFyrIeP70t6snPbDDZ

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 39 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 36 IoCs
  • Suspicious use of SendNotifyMessage 36 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\soan_2_2.zip
    1⤵
      PID:812
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4064
      • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
        "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\Files.docx" /o ""
        1⤵
        • Checks processor information in registry
        • Enumerates system info in registry
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of SetWindowsHookEx
        PID:4168
      • \??\c:\windows\system32\svchost.exe
        c:\windows\system32\svchost.exe -k localservice -s fdPHost
        1⤵
          PID:3700
        • C:\Windows\system32\taskmgr.exe
          "C:\Windows\system32\taskmgr.exe" /7
          1⤵
          • Drops file in Windows directory
          • Checks SCSI registry key(s)
          • Checks processor information in registry
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:3360

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
          Filesize

          223B

          MD5

          0089a450ac0d5daa3adf503ff0a4729a

          SHA1

          d0878bd92572f94d86b116f9bf0b14fe8732ebdb

          SHA256

          475bc454dd4fe83f3039ff97e98878dcb591ce8605b4d4c171775ed6bd392850

          SHA512

          458edb0f29f7e7d92dfb46981a59d8ff3a9c47ab2f09077000ef03ad063ebb94361adfddeb1e5dbc3857e6c639559bf1a14968ac905fd1d3756bfb786fd362b0

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
          Filesize

          3KB

          MD5

          fe7ed669299eca7fa5e2eba80ac5d86d

          SHA1

          335efbd0aa19b903fdeefbc69a0fbbaa6d826e13

          SHA256

          fd0387dca4f9285743419668d9dfb022434e9a60d0c76e8f5f371e9fae172a03

          SHA512

          ca91eb809a4020fc4afa2975e8261e46fda7d933f7138dd08f0fccb0142ce92728f1dcb488217e7748249a3100f567a60091e0dd13b33ee15c6a2b04f0e936c6

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
          Filesize

          3KB

          MD5

          dbed2591fcba0dd10beca34c013948c4

          SHA1

          5b7e6a821318265f5e29f5f5cba78faa60e0bc51

          SHA256

          275fa4414fd3f9e0b60406ed021c4cba9c0a7d3b04bdd9f6556b42d4fff8f831

          SHA512

          01d0a45567ee4f127456fb65c25c179f085115221f928aa257e0e8562731b97b2b641b3849cdbac43cb776b6c2b34bcfd547658479ac236a02aa3aa8c3c9443f

          Download Submit

        • memory/4168-15-0x00007FFC567F0000-0x00007FFC569CB000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4168-17-0x00007FFC12D10000-0x00007FFC12D20000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4168-5-0x00007FFC16880000-0x00007FFC16890000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4168-4-0x00007FFC16880000-0x00007FFC16890000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4168-7-0x00007FFC567F0000-0x00007FFC569CB000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4168-8-0x00007FFC567F0000-0x00007FFC569CB000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4168-9-0x00007FFC567F0000-0x00007FFC569CB000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4168-11-0x00007FFC567F0000-0x00007FFC569CB000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4168-13-0x00007FFC567F0000-0x00007FFC569CB000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4168-14-0x00007FFC53E80000-0x00007FFC53F2E000-memory.dmp

          Filesize

          696KB

          Download

        • memory/4168-16-0x00007FFC567F0000-0x00007FFC569CB000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4168-0-0x00007FFC16880000-0x00007FFC16890000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4168-18-0x00007FFC567F0000-0x00007FFC569CB000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4168-6-0x00007FFC567F0000-0x00007FFC569CB000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4168-19-0x00007FFC567F0000-0x00007FFC569CB000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4168-20-0x00007FFC567F0000-0x00007FFC569CB000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4168-21-0x00007FFC567F0000-0x00007FFC569CB000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4168-25-0x00007FFC567F0000-0x00007FFC569CB000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4168-23-0x00007FFC53E80000-0x00007FFC53F2E000-memory.dmp

          Filesize

          696KB

          Download

        • memory/4168-22-0x00007FFC12D10000-0x00007FFC12D20000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4168-1-0x00007FFC16880000-0x00007FFC16890000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4168-3-0x00007FFC567F0000-0x00007FFC569CB000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4168-2-0x00007FFC567F0000-0x00007FFC569CB000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4168-210-0x00007FFC567F0000-0x00007FFC569CB000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4168-216-0x00007FFC567F0000-0x00007FFC569CB000-memory.dmp

          Filesize

          1.9MB

          Download