Analysis
- max time kernel: 119s
- max time network: 128s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 02-03-2024 23:32
Behavioral tasks (task: sample, resource)
- behavioral1: Trojan/+.exe, win7-20240221-en
- behavioral2: Trojan/+.exe, win10v2004-20240226-en
- behavioral3: Trojan/0.950095298700035.exe, win7-20240221-en
- behavioral4: Trojan/0.950095298700035.exe, win10v2004-20240226-en
- behavioral5: Trojan/000.exe, win7-20240221-en
- behavioral6: Trojan/000.exe, win10v2004-20240226-en
- behavioral7: Trojan/0x07.exe, win7-20240221-en
- behavioral8: Trojan/0x07.exe, win10v2004-20240226-en
- behavioral9: Trojan/0xc6666666.exe, win7-20240220-en
- behavioral10: Trojan/0xc6666666.exe, win10v2004-20240226-en
- behavioral11: Trojan/10reset/10reset-helper.exe, win7-20240221-en
- behavioral12: Trojan/10reset/10reset-helper.exe, win10v2004-20240226-en
- behavioral13: Trojan/10reset/10reset.exe, win7-20240221-en
- behavioral14: Trojan/10reset/10reset.exe, win10v2004-20240226-en
- behavioral15: Trojan/13reset/13reset-helper.exe, win7-20240221-en
- behavioral16: Trojan/13reset/13reset-helper.exe, win10v2004-20240226-en
- behavioral17: Trojan/13reset/13reset.exe, win7-20240221-en
- behavioral18: Trojan/13reset/13reset.exe, win10v2004-20240226-en
- behavioral19: Trojan/2repair.exe, win7-20240221-en
- behavioral20: Trojan/2repair.exe, win10v2004-20240226-en
- behavioral21: Trojan/3PC.exe, win7-20240221-en
- behavioral22: Trojan/3PC.exe, win10v2004-20240226-en
- behavioral23: Trojan/4mm psy/4mm psy.exe, win7-20240215-en
- behavioral24: Trojan/4mm psy/4mm psy.exe, win10v2004-20240226-en
- behavioral25: Trojan/666.exe, win7-20240221-en
- behavioral26: Trojan/666.exe, win10v2004-20240226-en
- behavioral27: Trojan/666mm psy/666mm psy.exe, win7-20240221-en
- behavioral28: Trojan/666mm psy/666mm psy.exe, win10v2004-20240226-en
- behavioral29: Trojan/9reset/9RESET-helper.exe, win7-20240215-en
- behavioral30: Trojan/9reset/9RESET-helper.exe, win10v2004-20240226-en
- behavioral31: Trojan/9reset/9reset.exe, win7-20240221-en
- behavioral32: Trojan/9reset/9reset.exe, win10v2004-20240226-en
General
- Target: Trojan/9reset/9reset.exe
- Size: 385KB
- MD5: d05daaa1e1b95fa203891321f2345540
- SHA1: e05de699d799c1366c0d0285a4c0395aa9b69fc9
- SHA256: 42785338860918c7caeb035d8f5689e258a1768db1650cd4758ac595a5c6a2bd
- SHA512: fc63d87da773f145482a2d61d1583ba1f4ec76761522092990d83f710c9f282294d1f83948318a37678c5bd5e3f178fca7a07e6c0cd36643ab17b37902997f3d
- SSDEEP: 6144:9t5hBPi0BW69hd1MMdxPe9N9uA069TBxq/:9tzww69TLK
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: 9reset.exe
  description | pid | process | target process
  PID 2120 wrote to memory of 1200 | 2120 | 9reset.exe | cmd.exe
  PID 2120 wrote to memory of 1200 | 2120 | 9reset.exe | cmd.exe
  PID 2120 wrote to memory of 1200 | 2120 | 9reset.exe | cmd.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\Trojan\9reset\9reset.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Trojan\9reset\9reset.exe"
  Suspicious use of WriteProcessMemory
  PID: 2120
  - C:\Windows\system32\cmd.exe
    Command line: "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1FD0.tmp\1FD1.tmp\1FD2.bat C:\Users\Admin\AppData\Local\Temp\Trojan\9reset\9reset.exe"
    PID: 1200
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 85B
  MD5: f2d5cf0bf3d6ec8c6d5dc97af835c5e5
  SHA1: 5b60f43fa6d5810bad58de5f06a0f84dd4aa9bf6
  SHA256: 31ee6e28c82ab165ca3048aec9a88c8590d6f0b94b88e7f87b6ec36d2fa0a24c
  SHA512: 075fb8005c93d9f61dfa07b41424591ff518a6f9c8a1fff74d1e6df39ec56377e48208e08a01485eafeced2880a4b18061ddfa637611a89ce3f252580c2deff9