Analysis

  • max time kernel
    120s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/04/2024, 15:08

General

  • Target

    App_02029.exe

  • Size

    64.8MB

  • MD5

    ff7aa40da6ab4277f0efcd62b9853d4c

  • SHA1

    2c7349c256eec9f3fe5ac536573b0e46485285a7

  • SHA256

    7588cc0c79125b77cb1ae20c18b6f437f4b708fc414ba550e5bf555990a7546b

  • SHA512

    47b3391ee7f114257704c9bc30d6d4dc29647db531050b91321d0144baa993be731f0a68314f51355c1f4bd3c105d7a5ddeb110ac13ea22ef9d71e1a4e818006

  • SSDEEP

    196608:5PoufwrXnmsUML1WCvRVDOknyc2ICFWlWlWlWlW6WlWOkk:5PoHms0CvRVO3WlWlWlWlW6WlWFk

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\App_02029.exe
    "C:\Users\Admin\AppData\Local\Temp\App_02029.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1500
    • C:\Users\Admin\AppData\Local\Temp\App_02029.exe
      "C:\Users\Admin\AppData\Local\Temp\App_02029.exe" /up
      2⤵
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2300
      • C:\Program Files (x86)\GloriousPLACEnanSoftware\GloriouszSoftware.exe
        "C:\Program Files (x86)\GloriousPLACEnanSoftware\GloriouszSoftware.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: GetForegroundWindowSpam
        PID:2672
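
The process tree above is a three-stage chain: the sample runs from the user's Temp directory, re-launches itself with a `/up` argument, and that second instance drops and starts GloriouszSoftware.exe under Program Files (x86). The following is an added example, not part of the sandbox output, showing how to rebuild such a tree from process-creation records and flag both the self-relaunch and the drop-then-execute step. The record layout and the parent PID of the root process (1000) are assumptions; the images, command lines and PIDs are taken from the report.

```python
"""Rebuild a process tree from process-creation records and flag the
drop-and-execute chain shown in the report above. Added example, not part
of the sandbox output; the record layout and the root's parent PID (1000)
are assumptions."""
from dataclasses import dataclass, field


@dataclass
class Proc:
    pid: int
    ppid: int
    image: str
    cmdline: str
    children: list = field(default_factory=list)


# Constructed records mirroring the tree in the report (images, command
# lines and PIDs are the report's; the parent of PID 1500 is assumed).
EVENTS = [
    {"pid": 1500, "ppid": 1000,
     "image": r"C:\Users\Admin\AppData\Local\Temp\App_02029.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\App_02029.exe"'},
    {"pid": 2300, "ppid": 1500,
     "image": r"C:\Users\Admin\AppData\Local\Temp\App_02029.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\App_02029.exe" /up'},
    {"pid": 2672, "ppid": 2300,
     "image": r"C:\Program Files (x86)\GloriousPLACEnanSoftware\GloriouszSoftware.exe",
     "cmdline": r'"C:\Program Files (x86)\GloriousPLACEnanSoftware\GloriouszSoftware.exe"'},
]


def build_tree(events):
    """Index records by PID and link each process to its recorded parent."""
    procs = {e["pid"]: Proc(e["pid"], e["ppid"], e["image"], e["cmdline"]) for e in events}
    for p in procs.values():
        if p.ppid in procs:
            procs[p.ppid].children.append(p)
    return procs


def ancestry(procs, pid):
    """Chain from the given process up to the highest recorded ancestor."""
    chain = []
    while pid in procs:
        chain.append(procs[pid])
        pid = procs[pid].ppid
    return chain


def in_user_temp(image):
    return "\\appdata\\local\\temp\\" in image.lower()


def in_program_files(image):
    return image.lower().startswith(("c:\\program files\\", "c:\\program files (x86)\\"))


def self_relaunches(procs):
    """PIDs whose image equals the parent's image but whose command line
    differs, i.e. the "/up" stage in the report."""
    return sorted(p.pid for p in procs.values()
                  if p.ppid in procs
                  and procs[p.ppid].image.lower() == p.image.lower()
                  and procs[p.ppid].cmdline != p.cmdline)


def drop_and_execute(procs):
    """PIDs of Program Files executables that have a Temp-launched ancestor."""
    return sorted(p.pid for p in procs.values()
                  if in_program_files(p.image)
                  and any(in_user_temp(a.image) for a in ancestry(procs, p.ppid)))


def render(procs, pid, depth=0):
    """Indented listing in the style of the report's Processes section."""
    p = procs[pid]
    lines = ["  " * depth + f"{p.cmdline}  PID:{p.pid}"]
    for c in p.children:
        lines.extend(render(procs, c.pid, depth + 1))
    return lines


if __name__ == "__main__":
    tree = build_tree(EVENTS)
    print("\n".join(render(tree, 1500)))
    print("self-relaunch:", self_relaunches(tree))
    print("drop-and-execute:", drop_and_execute(tree))
```

On its own this chain is also what a legitimate installer run from Temp looks like, so treat a hit as a triage pivot rather than a verdict: pair it with the dropped file's hashes from the Downloads section and with the other signatures listed above (foreground-window polling, privilege adjustment, cross-process memory writes) before drawing a conclusion.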

Network

MITRE ATT&CK Enterprise v15


Downloads

  • \Program Files (x86)\GloriousPLACEnanSoftware\GloriouszSoftware.exe

    Filesize

    1.5MB

    MD5

    a6a0f7c173094f8dafef996157751ecf

    SHA1

    c0dcae7c4c80be25661d22400466b4ea074fc580

    SHA256

    b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4

    SHA512

    965d43f06d104bf6707513c459f18aaf8b049f4a043643d720b184ed9f1bb6c929309c51c3991d5aaff7b9d87031a7248ee3274896521abe955d0e49f901ac94
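
The General section lists the hashes of the submitted sample and the Downloads section lists those of the dropped GloriouszSoftware.exe. The following is an added example, not part of the sandbox output, for checking a file you have retrieved against both sets at once: it streams the file through MD5, SHA1, SHA256 and SHA512 and reports whether every published digest agrees. The hash values are copied from the report; the function and dictionary names are this example's own. The SSDEEP value is not checked because fuzzy hashing needs the third-party ssdeep library, which is not assumed here.

```python
"""Check a retrieved file (the submitted sample or the dropped
GloriouszSoftware.exe) against the hashes listed in the report above.
Added example; not part of the sandbox output."""
import hashlib

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Hash values copied from the report's General and Downloads sections.
REPORT_IOCS = {
    "App_02029.exe": {
        "md5": "ff7aa40da6ab4277f0efcd62b9853d4c",
        "sha1": "2c7349c256eec9f3fe5ac536573b0e46485285a7",
        "sha256": "7588cc0c79125b77cb1ae20c18b6f437f4b708fc414ba550e5bf555990a7546b",
        "sha512": "47b3391ee7f114257704c9bc30d6d4dc29647db531050b91321d0144baa993be731f0a68314f51355c1f4bd3c105d7a5ddeb110ac13ea22ef9d71e1a4e818006",
    },
    "GloriouszSoftware.exe": {
        "md5": "a6a0f7c173094f8dafef996157751ecf",
        "sha1": "c0dcae7c4c80be25661d22400466b4ea074fc580",
        "sha256": "b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4",
        "sha512": "965d43f06d104bf6707513c459f18aaf8b049f4a043643d720b184ed9f1bb6c929309c51c3991d5aaff7b9d87031a7248ee3274896521abe955d0e49f901ac94",
    },
}


def hash_bytes(data: bytes) -> dict:
    """All four digests of an in-memory buffer, lower-case hex."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def hash_file(path, chunk_size=1 << 20) -> dict:
    """Stream the file so a 64.8MB sample is not read into memory at once."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def match_iocs(digests: dict, iocs=REPORT_IOCS) -> dict:
    """Compare computed digests with reported ones.

    Returns {name: {"matched": [...], "mismatched": [...], "verified": bool}}
    for every entry where at least one algorithm agrees. "verified" is True
    only when every reported algorithm agrees; a partial match (for example
    MD5 agrees but SHA256 does not) means you do not hold the reported file
    and the weaker digest should not be trusted."""
    out = {}
    for name, expected in iocs.items():
        present = [a for a in ALGOS if a in expected]
        matched = [a for a in present if expected[a].lower() == digests[a]]
        if matched:
            mismatched = [a for a in present if a not in matched]
            out[name] = {"matched": matched, "mismatched": mismatched,
                         "verified": not mismatched}
    return out


def verify_file(path, iocs=REPORT_IOCS) -> dict:
    return match_iocs(hash_file(path), iocs)


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, verify_file(p) or "no match against report hashes")
```

Run it as `python verify.py <file>...`; an empty result means none of the reported digests matched, and a result with `"verified": False` deserves more attention than a clean miss, since it is exactly what a collision on a weak hash or a tampered copy would look like.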