Overview

overview

10

Static

static

10

1680kb DMF...er.exe

windows7-x64

7

1680kb DMF...er.exe

windows10-2004-x64

7

AntMem v13...64.vbs

windows7-x64

1

AntMem v13...64.vbs

windows10-2004-x64

1

Atlantis N...is.exe

windows7-x64

8

Atlantis N...is.exe

windows10-2004-x64

7

CSVboard v...rd.exe

windows7-x64

7

CSVboard v...rd.exe

windows10-2004-x64

7

Encopy5/encopy5.exe

windows7-x64

7

Encopy5/encopy5.exe

windows10-2004-x64

7

Eve/eve.exe

windows7-x64

8

Eve/eve.exe

windows10-2004-x64

1

FoldersRep...ep.exe

windows7-x64

9

FoldersRep...ep.exe

windows10-2004-x64

9

FoldersRep...t.html

windows7-x64

1

FoldersRep...t.html

windows10-2004-x64

1

MICROFTP/MicroFTP.exe

windows7-x64

7

MICROFTP/MicroFTP.exe

windows10-2004-x64

7

PDFproduce...er.exe

windows7-x64

7

PDFproduce...er.exe

windows10-2004-x64

7

Password G...pg.exe

windows7-x64

7

Password G...pg.exe

windows10-2004-x64

7

ShackUp/ShackUp.exe

windows7-x64

7

ShackUp/ShackUp.exe

windows10-2004-x64

7

Spread32/Spread32.exe

windows7-x64

7

Spread32/Spread32.exe

windows10-2004-x64

7

TheGun/THEGUN.exe

windows7-x64

1

TheGun/THEGUN.exe

windows10-2004-x64

1

Xcalday Ca...ay.exe

windows7-x64

7

Xcalday Ca...ay.exe

windows10-2004-x64

7

Xpass/xpass.dll

windows7-x64

7

Xpass/xpass.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09/05/2024, 07:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Eve/eve.exe

  • Size

    73KB

  • MD5

    755d1b440f76791ef1d58d7ebb098068

  • SHA1

    27f540010a6fbbdae390dce806499bcb0c096c51

  • SHA256

    0fa0ee9d5c8416b622cc6a09d8dcff69d3f14ed8738a380fad3c27879b804354

  • SHA512

    2ddc9341270f7bce951b2349e2a5168f6f2947c3568f134ad57b935f98090db4a2d318be94650dc8d42965d19232346e01bc19c90445b742c8c659d4e2e561a3

  • SSDEEP

    1536:4Oc9V+aRuSIY2UahOI7DkcS1pUkbahMdALcURn31P46jVlBdt2qP:4Oc9kDSIY2UtI7A91pUkbahMqQUJC6vh

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 3 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Eve\eve.exe
    "C:\Users\Admin\AppData\Local\Temp\Eve\eve.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2772
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Windows\system32\gameux.dll,GameUXShim {d21a32e7-afb2-4ab0-93f0-467d4365cc4c};C:\Users\Admin\AppData\Local\Temp\Eve\eve.exe;2772
      2⤵
      • Blocklisted process makes network request
      • Modifies registry class
      PID:2864
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2676

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2772-12-0x0000000000400000-0x0000000000454000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2772-13-0x0000000000400000-0x0000000000454000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2772-4-0x0000000000400000-0x0000000000454000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2772-19-0x0000000000400000-0x0000000000454000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2772-8-0x0000000000400000-0x0000000000454000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2772-9-0x0000000000400000-0x0000000000454000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2772-18-0x0000000000400000-0x0000000000454000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2772-10-0x0000000000400000-0x0000000000454000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2772-0-0x0000000000400000-0x0000000000454000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2772-11-0x0000000000400000-0x0000000000454000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2772-14-0x0000000000400000-0x0000000000454000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2772-15-0x0000000000400000-0x0000000000454000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2772-16-0x0000000000400000-0x0000000000454000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2772-17-0x0000000000400000-0x0000000000454000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2864-2-0x0000000000A00000-0x0000000000A10000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2864-6-0x0000000000A00000-0x0000000000A10000-memory.dmp

      Filesize

      64KB

      Download