Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-04-2024 08:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    99c140f3dbd18b65457bc398730516f3a8c1d0e5ba68aa46c194505bf0f12a98.exe

  • Size

    84KB

  • MD5

    36010b83bccfcd1032971df9fc5082a1

  • SHA1

    9967b83065e3ad82cd6c0c3b02cf08ab707fde3e

  • SHA256

    99c140f3dbd18b65457bc398730516f3a8c1d0e5ba68aa46c194505bf0f12a98

  • SHA512

    c8008923315d86c06b57e47d9bf81cec47cda0dec6d9f8aa57d7b4c57c7138997486a6f60eb0015bc99755afeb3d943bc8d9ba83dbb8c9219fa4990296de1def

  • SSDEEP

    1536:gEKh/S0Fmav8242worjs0nGxMvrEl3/AEHK:bKlWOpsG8MviYEHK

Score
10/10
evasionpersistencetrojan

Malware Config

Signatures

  • Modifies security service 2 TTPs 1 IoCs
    evasion
  • Windows security bypass 2 TTPs 12 IoCs
    evasiontrojan
  • Executes dropped EXE 5 IoCs
  • Windows security modification 2 TTPs 14 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\99c140f3dbd18b65457bc398730516f3a8c1d0e5ba68aa46c194505bf0f12a98.exe
    "C:\Users\Admin\AppData\Local\Temp\99c140f3dbd18b65457bc398730516f3a8c1d0e5ba68aa46c194505bf0f12a98.exe"
    1⤵
    • Modifies security service
    • Windows security bypass
    • Windows security modification
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2136
    • C:\Users\Admin\AppData\Local\Temp\2184910233.exe
      C:\Users\Admin\AppData\Local\Temp\2184910233.exe
      2⤵
      • Executes dropped EXE
      PID:3236
    • C:\Users\Admin\AppData\Local\Temp\146382163.exe
      C:\Users\Admin\AppData\Local\Temp\146382163.exe
      2⤵
      • Windows security bypass
      • Executes dropped EXE
      • Windows security modification
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:3716
      • C:\Users\Admin\AppData\Local\Temp\1238011613.exe
        C:\Users\Admin\AppData\Local\Temp\1238011613.exe
        3⤵
        • Executes dropped EXE
        PID:1892
      • C:\Users\Admin\AppData\Local\Temp\2703536258.exe
        C:\Users\Admin\AppData\Local\Temp\2703536258.exe
        3⤵
        • Executes dropped EXE
        PID:2796
      • C:\Users\Admin\AppData\Local\Temp\1447127469.exe
        C:\Users\Admin\AppData\Local\Temp\1447127469.exe
        3⤵
        • Executes dropped EXE
        PID:2424

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1238011613.exe
    Filesize

    84KB

    MD5

    36010b83bccfcd1032971df9fc5082a1

    SHA1

    9967b83065e3ad82cd6c0c3b02cf08ab707fde3e

    SHA256

    99c140f3dbd18b65457bc398730516f3a8c1d0e5ba68aa46c194505bf0f12a98

    SHA512

    c8008923315d86c06b57e47d9bf81cec47cda0dec6d9f8aa57d7b4c57c7138997486a6f60eb0015bc99755afeb3d943bc8d9ba83dbb8c9219fa4990296de1def

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1457229245.exe
    Filesize

    80KB

    MD5

    2ff2bb06682812eeb76628bfbe817fbb

    SHA1

    18e86614d0f4904e1fe97198ccda34b25aab7dae

    SHA256

    985da56fb594bf65d8bb993e8e37cd6e78535da6c834945068040faf67e91e7d

    SHA512

    5cd3b5a1e16202893b08c0ae70d3bcd9e7a49197ebf1ded08e01395202022b3b6c2d8837196ef0415fea6497d928b44e03544b934f8e062ddbb6c6f79fb6f440

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\146382163.exe
    Filesize

    14KB

    MD5

    d085f41fe497a63dc2a4882b485a2caf

    SHA1

    9dc111412129833495f19d7b8a5500cf7284ad68

    SHA256

    fb11b4e2d26812e26ea7428f3b0b9bb8a16814188250fa60697c7aec40a49bd0

    SHA512

    ed4d8e297094248fb536154ed0427f4cc1832f339ce29d0f782971ede42fa2b9e5f953f73e71d0cfc026e5fd2ec0f7062410af359fd940a14f277adca37fc106

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\2184910233.exe
    Filesize

    84KB

    MD5

    cd1d9c0ed8763e6bb3ee7efb133dc60e

    SHA1

    f6f3bea085ba7c13a2956fc0810c2034792f2ddf

    SHA256

    19ee79b7852c54de5883404f049f9e85cb0085bae8132ada3e46d6f75b24b100

    SHA512

    77b675fdbfc11bff45e2438cb1bd73b7fbfa03771c600e37171f684141c82f356e392ba2694285390aedbb3ecd3306a3c0f8687d0a1940d8d44cae3a7fc41591

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\2703536258.exe
    Filesize

    7KB

    MD5

    2ab59125912f1b9c7372f91b731c8078

    SHA1

    9bc6425022f0a76c83a1d8209892dfbdaf8e8036

    SHA256

    f9683cc6906a3b454dd3f334a86fa9afadc49ce58d823c5374bee8f0cf00b1a8

    SHA512

    69c418aca3b75c5d79948188c93495557f57d41e424c701a7ae702e37f1f5f77f6c5880b52ea8292ee73b5693a9aaab3cd5a520af0d3ba1067c6fe81d54e0863

    Download Submit