Overview

overview

7

Static

static

3

bee164166a...07.exe

windows7-x64

7

bee164166a...07.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    128s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/03/2024, 14:49

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bee164166adcef7e8a606c0e80c53107.exe

  • Size

    675KB

  • MD5

    bee164166adcef7e8a606c0e80c53107

  • SHA1

    cb8deff49600e5247c41c2b910f5d297a8acc311

  • SHA256

    c58b1b251fe04fa9c03209a5c51ccbcb5129452c7f64775c8ee5ee9f4cbe99d9

  • SHA512

    12374fb8bc9df648e419885b59db1ab6970f171dd836f5d6ffc40c61a7dab394cdf88a5ac3d840f0c3a760e2985512a7cef6f845fe7daaeb1ac2002e0c8c16b4

  • SSDEEP

    12288:zr4MR9aE21x4laD4UK6GUAGkrSo/2AHoWnF3Z4mxxr3uwcnwCVkCj:zr4MfaEEBZG9dSfonQmXrK3KCj

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bee164166adcef7e8a606c0e80c53107.exe
    "C:\Users\Admin\AppData\Local\Temp\bee164166adcef7e8a606c0e80c53107.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2440
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\uninstal.bat
      2⤵
      • Deletes itself
      PID:2752
  • C:\Windows\svchost.com.cn.exe
    C:\Windows\svchost.com.cn.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2656

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\svchost.com.cn.exe
          Filesize

          675KB

          MD5

          bee164166adcef7e8a606c0e80c53107

          SHA1

          cb8deff49600e5247c41c2b910f5d297a8acc311

          SHA256

          c58b1b251fe04fa9c03209a5c51ccbcb5129452c7f64775c8ee5ee9f4cbe99d9

          SHA512

          12374fb8bc9df648e419885b59db1ab6970f171dd836f5d6ffc40c61a7dab394cdf88a5ac3d840f0c3a760e2985512a7cef6f845fe7daaeb1ac2002e0c8c16b4

          Download Submit

        • C:\Windows\uninstal.bat
          Filesize

          190B

          MD5

          a58217879a306155e440e8e93cb9efa6

          SHA1

          af5235f33be2eb8484732b58067feadb7a08a288

          SHA256

          4c36582920333e041442997cce198ad668fd45124a70d3e50e9ddde4c107d4b2

          SHA512

          e86638e1ffcaaa87cd26db95782912c4b54a2fd0701837a4b464b4b36606d1749b321ae85cc9c9335fc53c76b48df7aa31328a0f262c2ab589efa3838c95fe2d

          Download Submit

        • memory/2440-15-0x0000000001E80000-0x0000000001E81000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-14-0x0000000002010000-0x0000000002011000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-26-0x00000000023B0000-0x00000000023B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-25-0x00000000023C0000-0x00000000023C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-24-0x0000000002040000-0x0000000002041000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-23-0x0000000002050000-0x0000000002051000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-22-0x0000000002380000-0x0000000002381000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-21-0x00000000023A0000-0x00000000023A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-20-0x0000000001E90000-0x0000000001E91000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-13-0x0000000001EA0000-0x0000000001EA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-17-0x0000000002000000-0x0000000002001000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-16-0x00000000005E0000-0x00000000005E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-32-0x00000000005D0000-0x00000000005D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-31-0x00000000032A0000-0x00000000032A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-30-0x00000000032B0000-0x00000000032B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-29-0x00000000032C0000-0x00000000032C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-28-0x0000000000260000-0x0000000000261000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-27-0x00000000001D0000-0x00000000001D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-18-0x0000000001FF0000-0x0000000001FF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-0-0x0000000000400000-0x0000000000537000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2440-19-0x0000000002020000-0x0000000002021000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-12-0x0000000001FE0000-0x0000000001FE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-11-0x0000000003280000-0x0000000003283000-memory.dmp

          Filesize

          12KB

          Download

        • memory/2440-10-0x00000000005C0000-0x00000000005C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-9-0x0000000003290000-0x0000000003291000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-8-0x0000000000590000-0x0000000000591000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-7-0x00000000005A0000-0x00000000005A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-6-0x0000000000270000-0x0000000000271000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-5-0x0000000000280000-0x0000000000281000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-4-0x00000000005B0000-0x00000000005B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-3-0x0000000000550000-0x0000000000551000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-2-0x0000000000570000-0x0000000000571000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2440-48-0x0000000001D20000-0x0000000001D74000-memory.dmp

          Filesize

          336KB

          Download

        • memory/2440-1-0x0000000001D20000-0x0000000001D74000-memory.dmp

          Filesize

          336KB

          Download

        • memory/2440-47-0x0000000000400000-0x0000000000537000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2656-39-0x0000000003170000-0x0000000003171000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2656-36-0x0000000000400000-0x0000000000537000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2656-38-0x0000000003170000-0x0000000003171000-memory.dmp

          Filesize

          4KB

          Download