Overview

overview

10

Static

static

10

01d63645f4...e3.exe

windows7-x64

9

01d63645f4...e3.exe

windows10-2004-x64

10

14bae02cc3...0e.exe

windows7-x64

10

14bae02cc3...0e.exe

windows10-2004-x64

8

TNT Origin...ce.exe

windows7-x64

10

TNT Origin...ce.exe

windows10-2004-x64

10

402ff605d7...97.exe

windows7-x64

10

402ff605d7...97.exe

windows10-2004-x64

10

4d0dfae91f...bf.exe

windows7-x64

7

4d0dfae91f...bf.exe

windows10-2004-x64

7

5401a3332d...8e.exe

windows7-x64

10

5401a3332d...8e.exe

windows10-2004-x64

10

Autoit3.exe

windows7-x64

3

Autoit3.exe

windows10-2004-x64

3

6cfe745f03...d2.exe

windows7-x64

10

6cfe745f03...d2.exe

windows10-2004-x64

10

90f19e1a78...ef.exe

windows7-x64

7

90f19e1a78...ef.exe

windows10-2004-x64

1

a3eeef65c4...4.xlsx

windows7-x64

1

a3eeef65c4...4.xlsx

windows10-2004-x64

1

a71829e150...e5.exe

windows7-x64

7

a71829e150...e5.exe

windows10-2004-x64

7

db58eb7713...c4.exe

windows7-x64

10

db58eb7713...c4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    124s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    07-05-2024 14:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    90f19e1a7843dbee63856899da664d073c2b8fadd0cad368e623d5f7426ba5ef.exe

  • Size

    9.0MB

  • MD5

    ae5ffe6a64aef13c2712f073032b0806

  • SHA1

    6285497d8786742cca307bcf6958ecb01f439f42

  • SHA256

    90f19e1a7843dbee63856899da664d073c2b8fadd0cad368e623d5f7426ba5ef

  • SHA512

    81573d0c93538750d89daef81de1370441c48927620e2569ff038917d968b5760e9db68733a4f82d679c7832781c75cace285d6047e5947a5120f9a87ec14590

  • SSDEEP

    196608:gAeiSGnXc86iAD/0LUcEhNLbdubxaUTE8pUcXc1uVzb9:gn8nXc8WD/0LS6LVvzp

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\90f19e1a7843dbee63856899da664d073c2b8fadd0cad368e623d5f7426ba5ef.exe
    "C:\Users\Admin\AppData\Local\Temp\90f19e1a7843dbee63856899da664d073c2b8fadd0cad368e623d5f7426ba5ef.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2268
    • C:\Windows\SysWOW64\netsh.exe
      netsh winsock reset
      2⤵
        PID:1844
      • C:\Windows\SysWOW64\ipconfig.exe
        ipconfig /flushdns
        2⤵
        • Gathers network information
        PID:1748

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Command and Scripting Interpreter

    1
    T1059

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    System Information Discovery

    2
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \WuYouIP\update.exe
      Filesize

      4.6MB

      MD5

      e9a963c7a995921b78d2657d33524029

      SHA1

      c3fa95d9f9f1dc71e151baf54f15dfb4b822cf55

      SHA256

      99f12909c76a4f818169859a0a3b9e5f77ef6b75aefe8402f25cb90a54f09f64

      SHA512

      27aca412300606ec1b938ec444c1ed8514a0d78fe6c1e2d101033f40268571ea78dff2ae1f5c1830b55b50cde239334be49c0cc3683744ad4d68e1d4ef08db3b

      Download Submit
    • memory/2268-0-0x0000000000E60000-0x0000000000EA0000-memory.dmp
      Filesize

      256KB

      Download
    • memory/2268-1-0x0000000000E60000-0x0000000000EA0000-memory.dmp
      Filesize

      256KB

      Download