Overview

overview

8

Static

static

3

ad8a498246...ac.exe

windows7-x64

8

ad8a498246...ac.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    29/02/2024, 03:11

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ad8a49824630d91ddae5ff9d5536baac.exe

  • Size

    55KB

  • MD5

    ad8a49824630d91ddae5ff9d5536baac

  • SHA1

    0537059762b5255eeee2eb2a1197d5aefb88d67a

  • SHA256

    7d50472a10425b4ffd66e4c8911368dc90e28fd24fab60147328031c2cb2efae

  • SHA512

    5b12ec78336a83370197babeb55f56e4298f8405f61d9a9cedb6f25fb4a86b9ccd4356747bbea9c9325e7fccf3cf87cd908eb092b278cb6f8f98818dedfd17e9

  • SSDEEP

    1536:nABhoTo2nKSsIuvMSEzeUFZevSRmO1iP:nALMv/s1vBEzeU3evSRmtP

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 3 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in System32 directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ad8a49824630d91ddae5ff9d5536baac.exe
    "C:\Users\Admin\AppData\Local\Temp\ad8a49824630d91ddae5ff9d5536baac.exe"
    1⤵
    • Drops file in Drivers directory
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1912
    • C:\Windows\SysWOW64\XinQQ.exe
      C:\Windows\system32\XinQQ.exe
      2⤵
      • Drops file in Drivers directory
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:2360
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c C:\Users\Admin\AppData\Local\Temp\~wohd!.BAt
        3⤵
          PID:2636
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c C:\Users\Admin\AppData\Local\Temp\~lqwu!.BAt
        2⤵
        • Deletes itself
        PID:2540

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\~lqwu!.BAt
            Filesize

            214B

            MD5

            7f911abb66e8894bc9887ffb9bc788f0

            SHA1

            be56f8c3ea4697ff7089a123efbce1ecf76dc94d

            SHA256

            deaf98526c950504d0058b99615c3bf7c13a82e502cbdf28faba3172ab08a775

            SHA512

            f2f69513936a0ecfb3766b097ef45506f9f8dcd6a77fa5190872406cf6d8bf9f72f1389ddad99aa46b42ccfcf607910378760226e4de2fe6e6040debb82b49f7

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\~wohd!.BAt
            Filesize

            132B

            MD5

            d6ab2fb510aa1bb7197af441a8a7034a

            SHA1

            c89ce27138003865659d005ee8f329a1e1bda942

            SHA256

            f9a6e0f59646f4d01890ce89c81e305e9a5dc5e4e9a927abdb4a2a4770c6e8fc

            SHA512

            ffd60dbd89feddc2475cc946354dbd79d97ff85c49c998ff4ade9e6637f6b5b1301392baafe2d42e62eec724b926a8a0a1cb13b52f845d958f1acbb5cd2d21cf

            Download Submit

          • \Users\Admin\AppData\Local\Temp\xxltn.tmp
            Filesize

            3KB

            MD5

            985f9333cfedc06015fd762b3a237ef4

            SHA1

            c0bdcd8f7390b6cf73cf0409f920b345086b08d0

            SHA256

            a216924f0022b48ec06218c1519dfbe7c4f27bb2dc18b8055055376b42c16a79

            SHA512

            25abba00fbfb6e70cdece60b9a899ce44e18447612e8cdea8f1499fb6ddff9a769dd68efdf060e8f3d16d6701a5f3c1768b4423846b1f5937753312d557d306d

            Download Submit

          • \Windows\SysWOW64\XinQQ.exe
            Filesize

            55KB

            MD5

            ad8a49824630d91ddae5ff9d5536baac

            SHA1

            0537059762b5255eeee2eb2a1197d5aefb88d67a

            SHA256

            7d50472a10425b4ffd66e4c8911368dc90e28fd24fab60147328031c2cb2efae

            SHA512

            5b12ec78336a83370197babeb55f56e4298f8405f61d9a9cedb6f25fb4a86b9ccd4356747bbea9c9325e7fccf3cf87cd908eb092b278cb6f8f98818dedfd17e9

            Download Submit

          • memory/1912-0-0x0000000000400000-0x0000000000433000-memory.dmp

            Filesize

            204KB

            Download

          • memory/1912-17-0x0000000000890000-0x00000000008C3000-memory.dmp

            Filesize

            204KB

            Download

          • memory/1912-48-0x0000000000400000-0x0000000000433000-memory.dmp

            Filesize

            204KB

            Download

          • memory/2360-21-0x0000000000400000-0x0000000000433000-memory.dmp

            Filesize

            204KB

            Download

          • memory/2360-22-0x00000000001B0000-0x00000000001F0000-memory.dmp

            Filesize

            256KB

            Download

          • memory/2360-45-0x0000000000400000-0x0000000000433000-memory.dmp

            Filesize

            204KB

            Download