Overview

overview

10

Static

static

10

081899c525...89.dll

windows7-x64

1

082060e332...76.exe

windows7-x64

10

09d22d6340...64.exe

windows7-x64

1

1f4e927f6e...a4.exe

windows7-x64

8

20efc37efc...db.dll

windows7-x64

6

23b5ce252f...5b.exe

windows7-x64

10

35fdad147c...8f.exe

windows7-x64

1

36bfd9f40c...07.exe

windows7-x64

1

56ec95785f...a4.exe

windows7-x64

1

675e7e38d9...a8.exe

windows7-x64

9

6b4df38111...7a.exe

windows7-x64

7

6b4f6a820d...96.exe

windows7-x64

1

721ccbb780...29.exe

windows7-x64

3

75a9ade196...1d.exe

windows7-x64

10

79271d57c5...61.exe

windows7-x64

7

*.*/update.exe

windows7-x64

6

*.*/˫�...��.bat

windows7-x64

1

847001fe67...7e.exe

windows7-x64

1

97d846563e...3b.exe

windows7-x64

1

9a5a08d7a4...4a.exe

windows7-x64

10

9da42140ca...70.exe

windows7-x64

6

ac7da11c38...e2.exe

windows7-x64

10

b3489810af...5f.exe

windows7-x64

1

bf11915a5a...55.dll

windows7-x64

6

c453aa991f...3e.dll

windows7-x64

6

c97d9bbc80...15.exe

windows7-x64

10

cfe55dc501...48.exe

windows7-x64

6

d2a120aa4a...78.exe

windows7-x64

10

db97db6b03...1b.dll

windows7-x64

6

dc276b7ca4...cf.exe

windows7-x64

10

e714a8c576...a4.exe

windows7-x64

1

f0c2927859...a6.exe

windows7-x64

7

Resubmissions

26-03-2024 14:35

240326-ryecksfd5y 10

26-03-2024 14:27

240326-rse2xsfb8y 10

Analysis

  • max time kernel
    178s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    26-03-2024 14:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    *.*/update.exe

  • Size

    744KB

  • MD5

    288ad7c14b2e9cbfc8432d3d41d62164

  • SHA1

    2138ba33796ed343fb01c03f4abfdbed30bfe151

  • SHA256

    7e24716b753efa564cf6ace4abbe687a2ede68180140e4aaab8279b3328ababe

  • SHA512

    6f045adea1a9d4c1a0ec414a77c1611687a7ec4ed23ffc1fda426a396ca4244f5b212a1189dc6fb804268a5d29cec3226ccd6d3418e7e5a9923cb0733caac70c

  • SSDEEP

    12288:Yzki5f8eM8n7X0tYAY4+5684WFh5ecvSrW3yNdkeemwtuS9:OkE8eJnL02AYw84Wj5evNl0u

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 21 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\_._\update.exe
    "C:\Users\Admin\AppData\Local\Temp\_._\update.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2508
    • C:\Users\Admin\AppData\Local\Temp\_._\SinBa.exe
      "C:\Users\Admin\AppData\Local\Temp\_._\SinBa.exe"
      2⤵
      • Writes to the Master Boot Record (MBR)
      • Drops file in Windows directory
      • Checks processor information in registry
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2972
  • C:\Windows\system32\efsui.exe
    efsui.exe /efs /keybackup
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1132

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_._\D6D136F4-F73D-48C6-8C04-A4B028B7AA4D.dat.crypt
    Filesize

    145B

    MD5

    c401bac2d2a86b224fb1dd1640998958

    SHA1

    a34169c5a35ed141b61641a11c00f3d09cc382cb

    SHA256

    1e64fc6e9dee17e504699cbd4035564f6b00dfe927d8066c9f4abc89fd06b87c

    SHA512

    9ebd9cc8c68c1bec06477fcdb1f3e0cc7b22d471a4d4fa8fe78c145a82fc828a22f33b791602ffcaa7c7bc7bf7f4161aa2d50f006fc055ce278366ff83434402

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_._\D6D136F4-F73D-48C6-8C04-A4B028B7AA4D.dat.crypt
    Filesize

    453B

    MD5

    ad19e6ad5b02145efd35ef5563cc303b

    SHA1

    45fff7a10ce07e1978ed96212efbae8a5cb1d75c

    SHA256

    23bd1f5c43e0580d2f1f80df3dcaf7d5620ae09fc57b314f5a3fa470c1c330a6

    SHA512

    e4a4e0d846a426dfff9616124f04e040a00b779b18b5d0bc71ef613e9ba24e5f22cf45d518cb883731ceb8368714ede8b276488b7f3417855cd0ddf5af7e2a53

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_._\config.dat
    Filesize

    748B

    MD5

    837fdb188d6087b76e3f1b9eda177f18

    SHA1

    1781ad7569b617f6f74a57c812403e994f9b77ce

    SHA256

    ceea2c6c0a73e14fa3baee956e0a15721996d00b6c88ebfa2312fee6c4eb0cc3

    SHA512

    5d2cd8ad01315d753324a1c12165d3bccef3de438754d06699d6f88b9e367f50d6d2d561d226f884a8e00ad5f481f33f769e8b63376df1eb70e445349d519900

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_._\config.dat
    Filesize

    1KB

    MD5

    27c96f87b64b794e9ae43a7fb279344e

    SHA1

    d2bf26e6171cf80918b0af0c68c1ce80d5777b34

    SHA256

    253b37bfbb2ba5df0e7ef3bb1179766205a2a26220f31550ef1968b7999465b7

    SHA512

    26b9ae0837cdecea0c64d47827141c9f1547d2f4aef7ba02a818911f36b204bc117139368c4c2773563aef11694895b585af95e3112efe84d807d58c523f29f3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_._\config.dat
    Filesize

    1KB

    MD5

    f43d1c6209dc542d2d416f00fbc6ff1a

    SHA1

    544bf9b84626a60527c24bbaf082fde63b9f652b

    SHA256

    c68225f244dfdf21822a46905d75e7c223a55e0e3f75caca55aeca808d473339

    SHA512

    d137707ac85d2cb1420c64b5ced0474b63aee71f2fcd18b7868d115a471e98bc79628b59d3eaf986b91f649b73a18041606051b0b83a20d8f48d06a91efdefcb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_._\local\blocklist\blocklist.dat.tmp
    Filesize

    785B

    MD5

    c8a53e693ca4fb5d58b99aad262f9d8b

    SHA1

    531d1feeb81887ffe99906093137d73391dcc977

    SHA256

    774993c2f43b81361c7eec7d77767a2bdccc18eb704fc2c46310973a4810ad1f

    SHA512

    acd26eb988210113ac728b1c146764cc41787e27d6ff9b6d7b3667c260f0450251b38b716f8ce24d55a649b7252bbe9064f03cb3b49783641b26fa273e5d5ee5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_._\local\homeurl\domain.txtGG
    Filesize

    127B

    MD5

    b29e2cbfa269c80bc8ae1f5c9df7f787

    SHA1

    22b9f84793f2e56a116822943ba31419ef728730

    SHA256

    8b9a18f8ab7cc377151deb7ddf3ff83435cd697aae1283dc2fa50e5298e3e1bc

    SHA512

    c64c7881b0c62b63ad92629772f070c0d4c2b99b97d303f4e294ab14061e8d421d24c5440615b5cd720a861854984a1e8b919fb7dae911e265db105cbe9255f5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_._\local\homeurl\domain.txtGG
    Filesize

    179B

    MD5

    cc80322245b5c9dd7271708f22d612dd

    SHA1

    0345e4c6c2e692e26583285664f32f6cc7dd10cb

    SHA256

    9411a789d7206633d2eb3e3f261106223cc09624fa9efa92b9817b7ea67e11a4

    SHA512

    92532d5680206fd7d1d7a32ae639f02bd2ddd524d7b2cb45a42070842eaa5a3cbf4c1ca11978b8e34047afff19e5a961ec1b57f6f26ae7ff24f420cc69189b19

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_._\local\homeurl\urlchk.ini
    Filesize

    92B

    MD5

    e36c9f2f02078a73cfc83634f7eff8df

    SHA1

    2a450bb4696d13cbd2f7813fbe9825a9cdbebaee

    SHA256

    6dde63a1882f7e8aeaca623bfe518e88210177045b9728c0e5d8f4c747fabf59

    SHA512

    db0994441883e7c1743e9eb0ee5b3794d3cd15b1253fd1004f080ea6d831f85b910169a6422189816f776a76aa162edbc57ad9e681e2af03e41bf952a15c4b89

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_._\local\homeurl\urlchk.ini
    Filesize

    389B

    MD5

    a7d8ec35df9ee486a7a6bebe4a3288fa

    SHA1

    4e891491a2655bf5ddf920bd21b298358ee6f1b5

    SHA256

    8de9657c4d7bd04266e88434ce46d60e2e9664a992c3b2fcabb62f4e8103e9cc

    SHA512

    3f7bc6ce3f26ac5e90dfc51937005a09a8279c2f24b46d847a491a5629551bf6c37f1f4bd33755c7cd2a7989df49f960b3ea38cf014e6f891b8006658b2ff45c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_._\local\homeurl\urlchk.ini
    Filesize

    388B

    MD5

    1dce0cd82690197520a85895984ff20b

    SHA1

    9a9ac720bcba626daa07d13ce33a332c07ab0ed3

    SHA256

    34db6731822b8892a311c30740b3722e599cc1ebe8ed9aec63d5c84b8a5b3cf5

    SHA512

    d24d2a8642468fa400fb6ba08ce1fb1d852c3dfa5fc3c35e506ddfaad8534840cfcd858ea7754a617a1b23502057071d41d304594eb3fdae2d6edc64208c1978

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_._\local\homeurl\urlchk.ini
    Filesize

    387B

    MD5

    33c529d1d4420be2e766df28de142f9f

    SHA1

    e2805cacf300f41bf370ae4bc527a58552965cad

    SHA256

    f2809d1fc77adc2f97c83817634429d4165a736a3aca9b8bb717b9691e573ace

    SHA512

    26ef99a424d7ffb4fc9d1c3f2926adf5409909297760cf0654b610958417fc23ffcc72209383392c32a96365695a3600d3f6872eff6b1bfe9b477e860f3e9123

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_._\local\homeurl\urlchk.ini
    Filesize

    387B

    MD5

    712bc2f464ccef3f6b9a323f0a8ea81b

    SHA1

    b19b68dc0a67aa76fedd823c9f643aeb3ff044f1

    SHA256

    4d860d473fb6788bc5ed914a5357a7dcb45827f7b7bf47464e129ce70e920ca9

    SHA512

    9e6917eab5d026a06ba8cb6722d9038980b97f99026138007d877cbedf14b0929c544a5b35bd4a8a026280f85fbea520d1ab033e624d639264e005bd585f3912

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_._\local\homeurl\urlchk.ini
    Filesize

    386B

    MD5

    3707fe7933c99b0e8e1992599e5732ce

    SHA1

    cdc8ef2b213e6fd5eda3df205663d7b6caa24f4b

    SHA256

    ff05ea11550914328a42d054d45bd1c54c1337f3e23875f4d3886f7e193d1cb7

    SHA512

    0ab3c0bdcb242fddca20b5ccf59ee49eca0d5ac253e2c1a115dca84ba837e8a95572599f44ce0ac902502bdc8a897cc171f69106b8d09b22fab53a80ba79c474

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_._\local\homeurl\urlchk.ini
    Filesize

    385B

    MD5

    e143b57eb66bf5a1d1a23095b4a98743

    SHA1

    6f339fc69fa6707de4d5848d169da4bf6a5f9a6e

    SHA256

    c9e807b3d52600c5d1dfe0acfcb4af71741e12fc6c276e0c23fae83bd1b30e26

    SHA512

    5855db02f10c36dd284109dcae0edefe3532c5dd9699c04e2d7e29a01eae31646153af6e1266fd8e9b4d61d9c9ae4a211508135ecd6e7ae11f71c9fe0b530f6d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_._\local\homeurl\urlchk.ini
    Filesize

    416B

    MD5

    c65eaad99d7156f82d49538bcf347fb5

    SHA1

    4f7f4fc9d503e40f0df45cdedc1139c6527a599f

    SHA256

    829062ede9c5cf67a24e00020e091dd3435fcce01fa0852bd5f2b7ee2beb4b16

    SHA512

    38c3ced77c4a6868f1aea3cbae0a2511de5c207b7b41e041c2445227d4bc404f4dc637c5c4632d32e065f3d05c8e2554f6891f70816e40bb8c2763c80c263fa8

    Download Submit

  • memory/1132-466-0x0000000001CC0000-0x0000000001CC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1132-467-0x0000000001CC0000-0x0000000001CC1000-memory.dmp

    Filesize

    4KB

    Download