Overview

overview

7

Static

static

3

m.exe

windows7-x64

7

m.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    25/05/2024, 23:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    m.exe

  • Size

    626KB

  • MD5

    d2f4bc9f0ab5fb441220de0747acba90

  • SHA1

    52be243937507dd83e370da1045c18579a836cd9

  • SHA256

    f9c6e5c3d5349a47e51c11e9e8e537bd803ed6f793136c2f7dfc1f5028c0079e

  • SHA512

    d21bab345fb1a5e8dc841cade9fd9c8429d3fd32c9269980a4e1c5a45d8685f07ff33d8244473ea25eb4431b7bbb1908b1161612302941c6054ae541ab9e0a96

  • SSDEEP

    12288:Me37ZoSHwaPDGDlIxYWX+t4XSliZVqyEdIpqUpMS5KU:foraPDGDlIxYUfdEdEdp

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\m.exe
    "C:\Users\Admin\AppData\Local\Temp\m.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:848
    • C:\Programdata\Mc.exe
      "C:\Programdata\Mc.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2264
  • C:\ProgramData\BugReport\Mc.exe
    C:\ProgramData\BugReport\Mc.exe
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2696
    • C:\Windows\sysWOW64\svchost.exe
      C:\Windows\sysWOW64\svchost.exe -k ursv
      2⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2652
      • C:\Windows\SysWOW64\svchost.exe
        C:\Windows\SysWOW64\svchost.exe
        3⤵
        • Drops file in System32 directory
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2288
        • C:\Windows\SysWOW64\rundll32.exe
          C:\Windows\system32\rundll32.exe
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:1568

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Mc.exe
    Filesize

    137KB

    MD5

    884d46c01c762ad6ddd2759fd921bf71

    SHA1

    d201b130232e0ea411daa23c1ba2892fe6468712

    SHA256

    3124fcb79da0bdf9d0d1995e37b06f7929d83c1c4b60e38c104743be71170efe

    SHA512

    0acb3fe1050c1c07880ed2161956c4bee7c1e813a5fb518059b9bb88ed0bff50c108ad7b3708b6568413df4bdcc6f4d26dcd8759625a5ab77c4b26c1ba4f8813

    Download Submit

  • C:\Programdata\Mc.cp
    Filesize

    118KB

    MD5

    103e5743d6b0e5cd665519cebab6ccd7

    SHA1

    6ec96a0969a22034b8441ed85ea66692a1fbaba5

    SHA256

    f8f77db1c090890130afc521ec5bb1c8b15cb56e0c6d60f87c334a7de8ff39cb

    SHA512

    f150b46b804bb41fa8bbefbb8b5e88db6da5204ce5b785190b0cadde82f71776d147c3a2192327749ed26f565a450fa8342fc77898cb3a937e2c9d182810e73e

    Download Submit

  • C:\Programdata\McUtil.dll
    Filesize

    188KB

    MD5

    ed966cb757e34356792960552467c7d8

    SHA1

    2d675adba06ce79ffb2f36994e8c70a6cfc96129

    SHA256

    e2f5cc369c275ee81de88f9fcfe87acd395e4717b15ed60549099bb89ab46c82

    SHA512

    a200dc0822232838208dccb21c0b7270246eaca29810c7b27e2fab4155ce68d3e05160c6d618ad1cb554a688910d81e6087f688e3dacb97791f188ca63a1466d

    Download Submit

  • C:\Windows\SysWOW64\sjv
    Filesize

    1KB

    MD5

    8cb875dc862de9f2cefe522d05274255

    SHA1

    6f9e0195a2f83cd3fe2cb7e9773c0a92371feb7e

    SHA256

    b64e0e2d4fd0c1fd444524350fed9d349c321eb1d077fd9ae1434024789726e3

    SHA512

    e9cd192f5cba5ffe2146612031f334229fdbd9c834c002b0b6df41fc90c80e4e95ae5ad883cf7bd8dd6d1524492978919b1cb876bc01f0bc726f0b4fafa51c8a

    Download Submit

  • C:\Windows\SysWOW64\sjv
    Filesize

    1KB

    MD5

    5967b3aa113d1e272dc11382f4b8c0bf

    SHA1

    92f0fa826d887567b119924dbe3123c31395867e

    SHA256

    95ead516f7abb03eb58b290006e887d673022b91de130d253c09f3f701ae8fab

    SHA512

    86a75ad71f10739af43f99a88c809b2f250b1c4220dfc59bed7eed91240738bb6757ed037c4c42b2ce126a5b8640f6bc7d8800a8e1f1215d50d1a6203efc39ff

    Download Submit

  • memory/1568-86-0x00000000002A0000-0x00000000002D1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1568-82-0x00000000002A0000-0x00000000002D1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1568-83-0x00000000002A0000-0x00000000002D1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1568-84-0x00000000002A0000-0x00000000002D1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1568-85-0x00000000002A0000-0x00000000002D1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1568-87-0x00000000002A0000-0x00000000002D1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2288-62-0x00000000001B0000-0x00000000001E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2288-36-0x0000000000080000-0x000000000009D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2288-40-0x00000000001B0000-0x00000000001E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2288-91-0x00000000001B0000-0x00000000001E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2288-44-0x00000000001B0000-0x00000000001E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2288-53-0x00000000001B0000-0x00000000001E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2288-65-0x00000000001B0000-0x00000000001E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2288-90-0x00000000001B0000-0x00000000001E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2288-64-0x00000000001B0000-0x00000000001E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2288-89-0x00000000001B0000-0x00000000001E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2288-61-0x00000000001B0000-0x00000000001E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2288-55-0x00000000001B0000-0x00000000001E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2288-54-0x00000000001B0000-0x00000000001E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2288-76-0x00000000001B0000-0x00000000001E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2288-78-0x00000000001B0000-0x00000000001E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2288-42-0x0000000000C40000-0x0000000000C48000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2288-88-0x00000000001B0000-0x00000000001E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2288-43-0x00000000001B0000-0x00000000001E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2288-37-0x00000000001B0000-0x00000000001E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2288-41-0x0000000000C42000-0x0000000000C43000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2652-34-0x0000000000110000-0x0000000000210000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2652-32-0x0000000000110000-0x0000000000210000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2652-35-0x00000000002E0000-0x0000000000311000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2652-33-0x00000000002E0000-0x0000000000311000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2652-39-0x00000000002E0000-0x0000000000311000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2652-31-0x0000000000110000-0x0000000000210000-memory.dmp

    Filesize

    1024KB

    Download