Overview

overview

5

Static

static

3

5252e00d2d...f9.exe

windows7-x64

3

5252e00d2d...f9.exe

windows10-2004-x64

3

$PLUGINSDIR/LogEx.dll

windows7-x64

3

$PLUGINSDIR/LogEx.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...s2.dll

windows7-x64

3

$PLUGINSDI...s2.dll

windows10-2004-x64

3

$_4_/EntAd...$1.exe

windows7-x64

5

$_4_/EntAd...$1.exe

windows10-2004-x64

1

$_4_/EntAd...sh.exe

windows7-x64

1

$_4_/EntAd...sh.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    26-03-2024 09:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $_4_/EntAdmin/publish/$1.exe

  • Size

    2.0MB

  • MD5

    0194749f3c6a0ef6de1ba88bcb5330cc

  • SHA1

    1791cac7c60ab35101f0181db1ea42c28dfc27bf

  • SHA256

    6b242f7181ad73c6175c1bc35b61a412e546b45aca84927b85ac55c48975987a

  • SHA512

    f5a28d242dbac74f9496b98c0afe4e11cdd17c078f148aabf5492172f8afbf72223962e3bf164b02af8226f1c36dcab21f55a16badc8986b98724917464e3137

  • SSDEEP

    49152:73wQLKexImrAbjzcw2j/4YMsEYziO1FjULFDXsfNWq3Ut9p/ETP10cViGsXtnT:Ee9iO1FjUlsl1Sbz

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Modifies data under HKEY_USERS 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$_4_\EntAdmin\publish\$1.exe
    "C:\Users\Admin\AppData\Local\Temp\$_4_\EntAdmin\publish\$1.exe"
    1⤵
      PID:2112
    • C:\Users\Admin\AppData\Local\Temp\$_4_\EntAdmin\publish\$1.exe
      "C:\Users\Admin\AppData\Local\Temp\$_4_\EntAdmin\publish\$1.exe" /service
      1⤵
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:1652

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\$_4_\EntAdmin\publish\360EntPublish.dat
      Filesize

      16KB

      MD5

      49416980fb093693137b567c4ac4acb3

      SHA1

      9176516095f5f5d0b126c077d8f3c01633426b56

      SHA256

      5158e766a54b207461f35bccea69616667b4a98573d507f9549ee2337639c1f8

      SHA512

      957731baa7e9d17ce76e9b64060725c6b00b92b9990ce84aa5dd381b464327a3865e981e222f45ed71bff0368124bf6c7cdd793f45914ffee0217011639d63ba

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\$_4_\EntAdmin\publish\360EntPublish.ini
      Filesize

      29B

      MD5

      d12f6e84a16b77dd66a49c0a6fb62822

      SHA1

      1b602c2bc5b55d5ca8ce837f480099608c63ed1e

      SHA256

      315c5f3ba0743d064d86724134bf04eaab7f9b43b2b888bfee4e486613445975

      SHA512

      10cfd766558832a214c3f9558e7f7eb78d84ddc7e0a8118fe3e35498f21af395c626fc7fe75cffaf2b9414afabb13b1750ea6efb89b58d45e9a103fe61bb3bd5

      Download Submit