Overview

overview

8

Static

static

7

bf1ebdcba1...9d.exe

windows7-x64

8

bf1ebdcba1...9d.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/03/2024, 16:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bf1ebdcba1c98cc136ec5c58ce2d1f9d.exe

  • Size

    14KB

  • MD5

    bf1ebdcba1c98cc136ec5c58ce2d1f9d

  • SHA1

    26d91c85e38fc22a15fa3234d58e226bd124f913

  • SHA256

    818174375a4fac53d118f9b988c1c8975720f3dc06f6f1d654dcf444142b2555

  • SHA512

    0699f252f55dab311171492396428b9ee924b3ba67a599bb7e0eaf1222e2cc7f82bf7cf86df83cf9757301f81664971798dfb2b2fba08f4bf78dc0b3b57b5342

  • SSDEEP

    384:gvI2g4UY8ZgbgvR4drgzn63YNU/czhMd/sfF:gvI2WY8Wbgp46zn6Ihwkf

Score
8/10
persistenceupx

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf1ebdcba1c98cc136ec5c58ce2d1f9d.exe
    "C:\Users\Admin\AppData\Local\Temp\bf1ebdcba1c98cc136ec5c58ce2d1f9d.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:4164
    • C:\Windows\SysWOW64\zongximk.exe
      C:\Windows\system32\zongximk.exe ˜‰
      2⤵
      • Executes dropped EXE
      PID:2284
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bf1ebdcba1c98cc136ec5c58ce2d1f9d.exe.bat
      2⤵
        PID:3472

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\bf1ebdcba1c98cc136ec5c58ce2d1f9d.exe.bat
            Filesize

            182B

            MD5

            08cefdc5dad9eca70d652d55966c1952

            SHA1

            b237645ec9e11b66f46b653dc182f5aa0679c799

            SHA256

            6ca02d764fe3a7aed397a8d88b59d61a056fb80ea381a6ebaa9d03e5573aca6d

            SHA512

            670d6a75a5a35a272318b29f4d97b84280eb0b6b823ab2e6ab1c71ecacfc58db3b144711e9e33d65ead0397e9f81cbcd3f9608d0722da4d02ad2a86cf61be9b6

            Download Submit

          • C:\Windows\SysWOW64\zongximk.exe
            Filesize

            14KB

            MD5

            bf1ebdcba1c98cc136ec5c58ce2d1f9d

            SHA1

            26d91c85e38fc22a15fa3234d58e226bd124f913

            SHA256

            818174375a4fac53d118f9b988c1c8975720f3dc06f6f1d654dcf444142b2555

            SHA512

            0699f252f55dab311171492396428b9ee924b3ba67a599bb7e0eaf1222e2cc7f82bf7cf86df83cf9757301f81664971798dfb2b2fba08f4bf78dc0b3b57b5342

            Download Submit

          • memory/2284-7-0x0000000000400000-0x0000000000410000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4164-0-0x0000000000400000-0x0000000000410000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4164-6-0x0000000000400000-0x0000000000410000-memory.dmp

            Filesize

            64KB

            Download