Overview

overview

10

Static

static

3

Injected_L...re.exe

windows10-1703-x64

10

Injected_L...re.exe

windows7-x64

10

Injected_L...re.exe

windows10-1703-x64

10

Injected_L...re.exe

windows10-2004-x64

10

Injected_L...re.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
  • submitted
    20-03-2024 15:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Injected_LoadExe_Malware.exe

  • Size

    428KB

  • MD5

    7f7f7f4694f450ed2a0c4ada853a37ca

  • SHA1

    3ed531540d781153b51afd253c8eb4c2d1f62deb

  • SHA256

    ed7a16bc643d74cd6a15ec9dcc8872e6a30b28b2ce012bd6f6ed6bfa75a61881

  • SHA512

    988da1646e17d33e270e5e898e09504aa770d00fb2164e0d49ee6bc7ba3d7fbb915616ea7b0ed5dc9ba4089fe91fc667da37636d1e02c9a0199a20e54885df6c

  • SSDEEP

    12288:+K2mhAMJ/cPlFBUVbCwc7FFaQyG4NvIX/gsXyssKR:v2O/GlFBsCwwFwb+Fs0

Score
10/10
plugxtrojan

Malware Config

Signatures

  • Detects PlugX payload 19 IoCs
  • PlugX

    PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    trojanplugx
  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 20 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Injected_LoadExe_Malware.exe
    "C:\Users\Admin\AppData\Local\Temp\Injected_LoadExe_Malware.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2812
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\iusb3mon.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\iusb3mon.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      PID:1904
  • C:\ProgramData\Intel\Intel(R) Management Engine Components\iusb3mon.exe
    "C:\ProgramData\Intel\Intel(R) Management Engine Components\iusb3mon.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:700
    • C:\Windows\SysWOW64\svchost.exe
      C:\Windows\system32\svchost.exe 201 0
      2⤵
      • Deletes itself
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3692
      • C:\Windows\SysWOW64\msiexec.exe
        C:\Windows\system32\msiexec.exe 209 3692
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        PID:780

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Intel\Intel(R) Management Engine Components\iusb3mon.exe.mui
    Filesize

    175KB

    MD5

    7d06055a1226eaac88e8050adcd938e1

    SHA1

    971639945181013991426595ddd39d3f2f92bcde

    SHA256

    cd0d6bc8a0c3e7639cc7eb85a0653c59860a35fcf552c3b1ff05a116d656258c

    SHA512

    b569326038bc5d67707467e390ecd97e8e6b97ae240f8300d365dc5164acade61cb081f9c27e8e112d356c688ac8bf8f63adc85e6938261d9fb2240274f5ab1e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\iusb3mon.dll
    Filesize

    4KB

    MD5

    53c8cecfec9def827dd79eba8894c073

    SHA1

    4fb4895d41e62d69fe7f4f27a2f1355dcc06cc3a

    SHA256

    6104ae31a6fde52b4e8c4a1a32de0719e0dc9d8aee5e258ef578e5371d6ef388

    SHA512

    2049546fa25e3ca51d2c220f246fe5622b93badfc1d5d4c38262a3003109f3ca983298fc15dd6bc785567d69cb5a75f79967582f5cdc6e65d27edd6b55cef7a2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\iusb3mon.exe
    Filesize

    285KB

    MD5

    9166c1276b296bc78fa816cd8448cd32

    SHA1

    b5e48ccae94269ca95904fc58440113e9a4cae00

    SHA256

    1d2bf20f9ea7665281e5f9ffe50a8127e4618cb76c6a47a27e7aca196327c395

    SHA512

    35d8a6475d9579d9134f0fad4c1c5db9db6b0ffd06ba451193f3f89b0d23983067e12758b620aad90b3042a14a004c0fbdcbb99dfe7c669d2101434e709d0e26

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\iusb3mon.exe.mui
    Filesize

    225KB

    MD5

    9b697afa24fa4e8e32c97bfe3f791344

    SHA1

    7b8563102dbb1de9cf96cfb51dcdf0b5116e26aa

    SHA256

    1cf6eb9eb9816318b894fe342124edcfabf8544fdf7d46e5ca2c13ca4c49603e

    SHA512

    d0f024c7db17e645b4785fd0800706a6c2f62449b1aaf062a65da197fe110ac16938b26472c2fbfdd306435234c63d695b63932b3c06fa54ba38a633b9ddd082

    Download Submit

  • C:\log\haha.txt
    Filesize

    2KB

    MD5

    b896d1d25142488dc7fc5a8ca4082daa

    SHA1

    3043e4023ef8a83f946d91deab2f3ece1ac0fb9e

    SHA256

    8651bbbfb4954c85e391019fdc0943f6be95bf9a3b75afcc585126b9422fb16f

    SHA512

    a5666da25998e9bc16da3b915dc7cc19ff505972241b192e413dbf5c637c37fb19cb5d9b973cc7225f332a9593b21e5ae0d220f82694afdb554716e5fb61216d

    Download Submit

  • C:\log\haha.txt
    Filesize

    4KB

    MD5

    0461bd484a6b6f13b2b33698e51d2ed6

    SHA1

    63479eeb49a0d6446b73918ee6ee8097ae9eebfb

    SHA256

    fd0ff959f726639ed7ec4e9e4399a49742c2921559471ad58bac1bb71e3831d6

    SHA512

    6e6f1631f574ed0d0eba1fb53f902335b2c1afc29946be96282b922c8901872fc0899718bdb9d210a0a93f0be300bfd19c55d57a749215337d1d1ffa358b1b1d

    Download Submit

  • \??\c:\log\haha.txt
    Filesize

    19KB

    MD5

    57afaa5c88231beb720a034162c5149c

    SHA1

    73ea9206d5f6648c714adc120bdb0f733ae8e9a4

    SHA256

    4cd587c078adb376848ff1c756e34d9bf7cc29f79883b8c1967042067d006998

    SHA512

    49856f32976ee024c49598903ffdde6b13b7342397d610456b9c54994b4f70a16b59042187a2820612c52e1f25e80186357125450966a6ed50289e7cf910f44f

    Download Submit

  • \??\c:\log\haha.txt
    Filesize

    20KB

    MD5

    e402713c3d733248eb967522fe012b2b

    SHA1

    e9790ff2abd32731278522d2ee21eef8846cdfdc

    SHA256

    6db89137efc3538b9686478a87e5cc3dfa1241cd9f6c91b753b365b7da8752ab

    SHA512

    b78dd26064f6c32f6c5a5c7cf3f266a87a99990bd366addc59c07f00f2e5d64408f29f07f6fd998399eba3beeaaacd153faed8d5d32333a49599cc6559ec480c

    Download Submit

  • \??\c:\log\haha.txt
    Filesize

    4KB

    MD5

    009f58953030fe989683118d1df566e1

    SHA1

    cf583c448446b352b68ff0179ec953737b12ebfe

    SHA256

    1ac49ef0996b5bb3c51eded325b10329cffcaf941da4adb5ff2e6bf71f389a75

    SHA512

    07359bd3fd0263f9967b8730be543d8434ee5b7c09329e8c7928c0ba9fc361534155b6f327c2ef764987f2f1761b3474f14b74423f30f011ceb405ffbe237c99

    Download Submit

  • \??\c:\log\haha.txt
    Filesize

    8KB

    MD5

    ad1abdb019ca095eb2e27db49456b50c

    SHA1

    fd8a9162710d7e952a676780393dd84a5d7b0d80

    SHA256

    e964c783084836bfb07f6bfb327a12049998268e8fa20a568e40054f7d3fe519

    SHA512

    fd57a96c1c0ff7f8455bc9c726676312815c0ecdfe0c00d36f1a9116e8d122a375c0d82cdde8721a56735c526fd0260b5aaf4c302844447a70189bf6a9e34d9e

    Download Submit

  • \??\c:\log\haha.txt
    Filesize

    8KB

    MD5

    8d7be8f439c3764ee4630e4ab8866be7

    SHA1

    8aebe8f15b194993bba5c839e441ca2c78a879a2

    SHA256

    063b81b18559f86a3340d2181a72b863f43484aefebff7184adb11cbb91078a2

    SHA512

    6732481a497d8345beef61eec41d5081dee9a2722c2e6971e6e36340a947db2af285e52853300bd2fa75bcc32ef6c1248452212647dcb3d9f18e9092b106a479

    Download Submit

  • \??\c:\log\haha.txt
    Filesize

    9KB

    MD5

    405dad9ecb690e09aecbe749f30009a2

    SHA1

    bcb9c048adf3b7c8c6b279d8e71784a10ffe5c90

    SHA256

    b4b52d53da4afd13805e8419933f13bed512e1f5d67b0b9d40ec1d5bacf4bea9

    SHA512

    9139f58f5b61dfb7f2249ffac040f649ac8648535eb1203cbf3e3946a665328ecab9ef19ceebc207abf350db8300681209b8819db306a4a99a34b07ed786f9be

    Download Submit

  • memory/700-45-0x0000000000260000-0x00000000002AB000-memory.dmp

    Filesize

    300KB

    Download

  • memory/700-71-0x0000000001C10000-0x0000000001C68000-memory.dmp

    Filesize

    352KB

    Download

  • memory/700-51-0x0000000001C10000-0x0000000001C68000-memory.dmp

    Filesize

    352KB

    Download

  • memory/780-314-0x00000000036B0000-0x0000000003708000-memory.dmp

    Filesize

    352KB

    Download

  • memory/780-141-0x00000000036B0000-0x0000000003708000-memory.dmp

    Filesize

    352KB

    Download

  • memory/780-150-0x00000000036B0000-0x0000000003708000-memory.dmp

    Filesize

    352KB

    Download

  • memory/780-148-0x00000000036B0000-0x0000000003708000-memory.dmp

    Filesize

    352KB

    Download

  • memory/780-147-0x0000000000F90000-0x0000000000F91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/780-149-0x00000000036B0000-0x0000000003708000-memory.dmp

    Filesize

    352KB

    Download

  • memory/780-142-0x0000000001040000-0x0000000001041000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1904-13-0x00000000000A0000-0x00000000000EB000-memory.dmp

    Filesize

    300KB

    Download

  • memory/1904-19-0x0000000002930000-0x0000000002988000-memory.dmp

    Filesize

    352KB

    Download

  • memory/1904-39-0x0000000002930000-0x0000000002988000-memory.dmp

    Filesize

    352KB

    Download

  • memory/1904-14-0x00000000028F0000-0x0000000002929000-memory.dmp

    Filesize

    228KB

    Download

  • memory/3692-81-0x00000000030D0000-0x0000000003128000-memory.dmp

    Filesize

    352KB

    Download

  • memory/3692-114-0x00000000030D0000-0x0000000003128000-memory.dmp

    Filesize

    352KB

    Download

  • memory/3692-109-0x00000000030D0000-0x0000000003128000-memory.dmp

    Filesize

    352KB

    Download

  • memory/3692-106-0x00000000030D0000-0x0000000003128000-memory.dmp

    Filesize

    352KB

    Download

  • memory/3692-101-0x00000000030D0000-0x0000000003128000-memory.dmp

    Filesize

    352KB

    Download

  • memory/3692-96-0x00000000030D0000-0x0000000003128000-memory.dmp

    Filesize

    352KB

    Download

  • memory/3692-93-0x00000000030D0000-0x0000000003128000-memory.dmp

    Filesize

    352KB

    Download

  • memory/3692-92-0x00000000030D0000-0x0000000003128000-memory.dmp

    Filesize

    352KB

    Download

  • memory/3692-91-0x0000000000BA0000-0x0000000000BA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3692-57-0x0000000000BA0000-0x0000000000BA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3692-158-0x00000000030D0000-0x0000000003128000-memory.dmp

    Filesize

    352KB

    Download

  • memory/3692-62-0x00000000030D0000-0x0000000003128000-memory.dmp

    Filesize

    352KB

    Download