Overview
overview
10Static
static
7Trojan/+.exe
windows7-x64
1Trojan/+.exe
windows10-2004-x64
1Trojan/0.9...35.exe
windows7-x64
8Trojan/0.9...35.exe
windows10-2004-x64
8Trojan/000.exe
windows7-x64
Trojan/000.exe
windows10-2004-x64
Trojan/0x07.exe
windows7-x64
8Trojan/0x07.exe
windows10-2004-x64
8Trojan/0xc6666666.exe
windows7-x64
1Trojan/0xc6666666.exe
windows10-2004-x64
1Trojan/10r...er.exe
windows7-x64
6Trojan/10r...er.exe
windows10-2004-x64
6Trojan/10r...et.exe
windows7-x64
Trojan/10r...et.exe
windows10-2004-x64
Trojan/13r...er.exe
windows7-x64
Trojan/13r...er.exe
windows10-2004-x64
6Trojan/13r...et.exe
windows7-x64
3Trojan/13r...et.exe
windows10-2004-x64
7Trojan/2repair.exe
windows7-x64
Trojan/2repair.exe
windows10-2004-x64
Trojan/3PC.exe
windows7-x64
1Trojan/3PC.exe
windows10-2004-x64
1Trojan/4mm...sy.exe
windows7-x64
1Trojan/4mm...sy.exe
windows10-2004-x64
1Trojan/666.exe
windows7-x64
Trojan/666.exe
windows10-2004-x64
Trojan/666...sy.exe
windows7-x64
1Trojan/666...sy.exe
windows10-2004-x64
1Trojan/9re...er.exe
windows7-x64
Trojan/9re...er.exe
windows10-2004-x64
Trojan/9re...et.exe
windows7-x64
3Trojan/9re...et.exe
windows10-2004-x64
7Analysis
-
max time kernel
120s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system -
submitted
02-03-2024 23:32
Behavioral task
behavioral1
Sample
Trojan/+.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Trojan/+.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
Trojan/0.950095298700035.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
Trojan/0.950095298700035.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
Trojan/000.exe
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
Trojan/000.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
Trojan/0x07.exe
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
Trojan/0x07.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
Trojan/0xc6666666.exe
Resource
win7-20240220-en
Behavioral task
behavioral10
Sample
Trojan/0xc6666666.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
Trojan/10reset/10reset-helper.exe
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
Trojan/10reset/10reset-helper.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
Trojan/10reset/10reset.exe
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
Trojan/10reset/10reset.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
Trojan/13reset/13reset-helper.exe
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
Trojan/13reset/13reset-helper.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
Trojan/13reset/13reset.exe
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
Trojan/13reset/13reset.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
Trojan/2repair.exe
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
Trojan/2repair.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
Trojan/3PC.exe
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
Trojan/3PC.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
Trojan/4mm psy/4mm psy.exe
Resource
win7-20240215-en
Behavioral task
behavioral24
Sample
Trojan/4mm psy/4mm psy.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
Trojan/666.exe
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
Trojan/666.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
Trojan/666mm psy/666mm psy.exe
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
Trojan/666mm psy/666mm psy.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
Trojan/9reset/9RESET-helper.exe
Resource
win7-20240215-en
Behavioral task
behavioral30
Sample
Trojan/9reset/9RESET-helper.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral31
Sample
Trojan/9reset/9reset.exe
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
Trojan/9reset/9reset.exe
Resource
win10v2004-20240226-en
General
-
Target
Trojan/4mm psy/4mm psy.exe
-
Size
6KB
-
MD5
529ef7f53e3fd61c1cad2c7ecf8b1c6d
-
SHA1
d67ef17f5389fa2e38f2acdf9f703be88b1773f7
-
SHA256
aa761ff437cee15e503fd70fda87dbdd04329ac4614477cf4670babd6c2bee02
-
SHA512
d996473bee9724bce5293c6bf711efa6a01f23aebdf60926a01bca44fa257eeb49935b4113ee9b65fbbc0d2754689009b9b03ebb4962426c53dabe9f3c2787b9
-
SSDEEP
48:0Pzuz3/foXeYDjyaAYqMettsQSaJiTi8xLEcztPLb3b3vr5vEuu6P+65I6FPrSh:0P67TeuaABBDSyst9pvr51V+65vDs
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes:
4mm psy.execmd.exedescription pid process target process PID 1268 wrote to memory of 2288 1268 4mm psy.exe cmd.exe PID 1268 wrote to memory of 2288 1268 4mm psy.exe cmd.exe PID 1268 wrote to memory of 2288 1268 4mm psy.exe cmd.exe PID 1268 wrote to memory of 2288 1268 4mm psy.exe cmd.exe PID 2288 wrote to memory of 2244 2288 cmd.exe cscript.exe PID 2288 wrote to memory of 2244 2288 cmd.exe cscript.exe PID 2288 wrote to memory of 2244 2288 cmd.exe cscript.exe PID 2288 wrote to memory of 2244 2288 cmd.exe cscript.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Trojan\4mm psy\4mm psy.exe"C:\Users\Admin\AppData\Local\Temp\Trojan\4mm psy\4mm psy.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1268 -
C:\Windows\SysWOW64\cmd.exe/c ""C:\Users\Admin\AppData\Local\Temp\259399835.bat" "2⤵
- Suspicious use of WriteProcessMemory
PID:2288 -
C:\Windows\SysWOW64\cscript.execscript [regtaskmgr.vbs]3⤵PID:2244
-
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
135B
MD5826431d3df1879172a96555d7ba0aeef
SHA1f56ff5d3c06f78f53884071d1357ba79ee85b96e
SHA256e22b0b5185247a3ca52cb7cd6a271efced0d1d6e8910294f7131241f5d58b7ee
SHA512e995b82e1716ab7f7ea8d810a441ce2b68e570c0e31386670e6c193a11131e5274747205a3245424b7d71b7b0745313bd522eff452b175c80425fbf5ef2bbc52