Overview

overview

7

Static

static

3

lxz20100101.exe

windows7-x64

7

lxz20100101.exe

windows10-2004-x64

7

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    90s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/03/2024, 01:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    lxz20100101.exe

  • Size

    857KB

  • MD5

    2ff6e47f1f01bbfe1c6c64b6ae743465

  • SHA1

    d1a6edc9ef8bd4cff95a01d05045b3e0b0b4ec48

  • SHA256

    85fe6d4c5e00a957eb2d9e71b52c0e9861eeccdd9e6d2c3cc2dc04a0e50e3245

  • SHA512

    751876f2884881dccfbaa61f821c51200f96ed7eaa0e511b38fbb0b21a3b08a537ccfb6c18b7f04bcf9d05eb19b949efd13eb9fe082359c430205eb445ae6fae

  • SSDEEP

    24576:4u72yrRsR1uZXJ7/0lBzVkQHOhkBejtacT7x99:4USIXJj0zJHQkBk3T7x7

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\lxz20100101.exe
    "C:\Users\Admin\AppData\Local\Temp\lxz20100101.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2444
    • C:\Users\Admin\AppData\Local\Temp\lxzsk.exe
      C:\Users\Admin\AppData\Local\Temp
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Writes to the Master Boot Record (MBR)
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4556

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\c.txt
          Filesize

          1B

          MD5

          7215ee9c7d9dc229d2921a40e899ec5f

          SHA1

          b858cb282617fb0956d960215c8e84d1ccf909c6

          SHA256

          36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

          SHA512

          f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\ggxs.htm
          Filesize

          2KB

          MD5

          5adebe2bec9a2ac1ddc77027c2a836f8

          SHA1

          a7dcc272d87802349ea9d99fcbeb61d6038e9628

          SHA256

          2d07acd0b1439bb80cc665a41caa93b8ac10aad3897d04d61a53d0e540b0936b

          SHA512

          6f1b49f122cfe07a3dcc6fcfa09783b6c342cb659f5ab2247fa950b4d84e47e8eb68f9cbf18e9537cb6514b3d8803670d127e37cc99a5ec8add1eb389feb1aef

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\lxzsk.exe
          Filesize

          1.2MB

          MD5

          861e86f2ea863ed8fce380929fca0ffb

          SHA1

          5d1e02e1bbf89080b365a4989c45645808f6adf5

          SHA256

          5d1d678e24afccedbcc3b6fac172e78a8c03f186e9e872e193981f5df518dd81

          SHA512

          5b9558741c39358083afb1d5cd2ea32f4a8c8fa4202002ce87443b98efa24a2fc039126af68d16be36395f81c0cc1a0cc981f8747283a5e7e7717d022aa2837e

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\smsk.dll
          Filesize

          2.3MB

          MD5

          64f7634f911ca1add0eed191b0279b30

          SHA1

          ff2adb345a424cb2ea6d56290d96cc3d7b4cdbea

          SHA256

          7724c81344816bdecb0f2e2dee403c7d9c91adcf94a2a0e9b08cb33aa3414ba3

          SHA512

          d6c05909732045984cef059ce3e56f454cabc44664cae9eb42962092fd7efea85b383efec91bc06125b0dfab995629b67614ca709a96623e9c22da70f3954edd

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\user.dll
          Filesize

          58KB

          MD5

          b00722fe169cd9c299ed680cf1f70f9d

          SHA1

          d6866e9374f6bc200b79e421b6e49d73e72494a1

          SHA256

          931e28058383f653f1fd61878fe9dc912e04349b3a55310640069e50f041081b

          SHA512

          7d6e4be30e33fced995ce38e44870e00fdcfd05f955fcbd2d90658e8d42809fa910493e1ac0839a6b20e472c4f06d7a2f70122ac586d7c71d1264c7e7bef917f

          Download Submit

        • memory/2444-0-0x0000000000400000-0x00000000008D5000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/2444-1-0x0000000000A40000-0x0000000000A41000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2444-2-0x0000000000400000-0x00000000008D5000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/2444-8-0x0000000000A90000-0x0000000000A91000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2444-22-0x0000000000400000-0x00000000008D5000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/2444-23-0x0000000000A40000-0x0000000000A41000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4556-16-0x00000000030D0000-0x00000000030E3000-memory.dmp

          Filesize

          76KB

          Download