Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-05-2024 03:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    985ff57a323776493f53da404ac68426da4a73e9a4e9bc8249b8506e1cbe8be1.exe

  • Size

    4.6MB

  • MD5

    22ad5bdd6c7602233ffa5173c49b0719

  • SHA1

    e6b8f5ce07b70867c5071f7655cdd6f6bb69e0c0

  • SHA256

    985ff57a323776493f53da404ac68426da4a73e9a4e9bc8249b8506e1cbe8be1

  • SHA512

    2c3dd109d5a409ba4ac3b33868280cc6b1e958a6392a0526105a1eef67db3c78a6cbc698bb8eec5d98b202b4f37c88e90a2473c64d04e76dbbe965484e37f8c4

  • SSDEEP

    98304:mJ83IAaNlvZpRyoOVtreNi1yLtzogS1Ur15QsEvhl5GD:Z5abnR6t6NiwZPr71Evj5GD

Score
10/10
socks5systemzbotnetdiscovery

Malware Config

Signatures

  • Detect Socks5Systemz Payload 3 IoCs
  • Socks5Systemz

    Socks5Systemz is a botnet written in C++.

    botnetsocks5systemz
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 1 IoCs
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\985ff57a323776493f53da404ac68426da4a73e9a4e9bc8249b8506e1cbe8be1.exe
    "C:\Users\Admin\AppData\Local\Temp\985ff57a323776493f53da404ac68426da4a73e9a4e9bc8249b8506e1cbe8be1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3816
    • C:\Users\Admin\AppData\Local\Temp\is-BKJ99.tmp\985ff57a323776493f53da404ac68426da4a73e9a4e9bc8249b8506e1cbe8be1.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-BKJ99.tmp\985ff57a323776493f53da404ac68426da4a73e9a4e9bc8249b8506e1cbe8be1.tmp" /SL5="$401FE,4606889,54272,C:\Users\Admin\AppData\Local\Temp\985ff57a323776493f53da404ac68426da4a73e9a4e9bc8249b8506e1cbe8be1.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:3812
      • C:\Users\Admin\AppData\Local\FGaudioConverter\fgaudioconverter.exe
        "C:\Users\Admin\AppData\Local\FGaudioConverter\fgaudioconverter.exe" -i
        3⤵
        • Executes dropped EXE
        PID:3536
      • C:\Users\Admin\AppData\Local\FGaudioConverter\fgaudioconverter.exe
        "C:\Users\Admin\AppData\Local\FGaudioConverter\fgaudioconverter.exe" -s
        3⤵
        • Executes dropped EXE
        PID:4396
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3960,i,6166776566165096562,4582328833313060853,262144 --variations-seed-version --mojo-platform-channel-handle=3804 /prefetch:8
    1⤵
      PID:936

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\FGaudioConverter\fgaudioconverter.exe
      Filesize

      2.7MB

      MD5

      199eceb5314974db86f81aeef7cfc6b0

      SHA1

      c89bf3ad50d8a54748797784a8c5eb0205d9c4f7

      SHA256

      4cf41b700bfd861319ec71d08d292a1964448378e7a0a9c555e0c4f1d1b179f5

      SHA512

      9e6118396fd0fa892e33753d6fed18f1dc0c910d7dace844b56e898485336b7320c050410c3b1932688142e29d080025353dc5dd384a32028c11e0266a7962a5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\is-BKJ99.tmp\985ff57a323776493f53da404ac68426da4a73e9a4e9bc8249b8506e1cbe8be1.tmp
      Filesize

      680KB

      MD5

      aae7350b982230aa0db7a4b4fcb06dff

      SHA1

      40e4e5969d10adca4622d07d7a32ad7cb632142e

      SHA256

      ea41b6a63817cf5dae2ca2b3b001f5b03386eda8c0ea22293ec3b561188942f3

      SHA512

      15d2ffda3c20d238ab8127a50edcc6b8d57246c1c05c91709cd3af2bf3b76a604d2461bcfde6ebe768821f7824808b985b456039d0bfc3fd5abb903e5a40fb0b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\is-NFJK9.tmp\_isetup\_iscrypt.dll
      Filesize

      2KB

      MD5

      a69559718ab506675e907fe49deb71e9

      SHA1

      bc8f404ffdb1960b50c12ff9413c893b56f2e36f

      SHA256

      2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

      SHA512

      e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

      Download Submit

    • memory/3536-59-0x0000000000400000-0x00000000006B0000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3536-60-0x0000000000400000-0x00000000006B0000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3536-61-0x0000000000400000-0x00000000006B0000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3536-65-0x0000000000400000-0x00000000006B0000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3812-70-0x0000000000400000-0x00000000004BA000-memory.dmp

      Filesize

      744KB

      Download

    • memory/3812-13-0x0000000000400000-0x00000000004BA000-memory.dmp

      Filesize

      744KB

      Download

    • memory/3816-3-0x0000000000401000-0x000000000040B000-memory.dmp

      Filesize

      40KB

      Download

    • memory/3816-0-0x0000000000400000-0x0000000000414000-memory.dmp

      Filesize

      80KB

      Download

    • memory/3816-69-0x0000000000400000-0x0000000000414000-memory.dmp

      Filesize

      80KB

      Download

    • memory/4396-74-0x0000000000400000-0x00000000006B0000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4396-96-0x0000000000400000-0x00000000006B0000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4396-68-0x0000000000400000-0x00000000006B0000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4396-77-0x0000000000400000-0x00000000006B0000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4396-80-0x0000000000400000-0x00000000006B0000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4396-83-0x0000000000400000-0x00000000006B0000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4396-86-0x00000000024C0000-0x0000000002562000-memory.dmp

      Filesize

      648KB

      Download

    • memory/4396-90-0x0000000000400000-0x00000000006B0000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4396-93-0x0000000000400000-0x00000000006B0000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4396-71-0x0000000000400000-0x00000000006B0000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4396-99-0x0000000000400000-0x00000000006B0000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4396-102-0x0000000000400000-0x00000000006B0000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4396-105-0x0000000000400000-0x00000000006B0000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4396-108-0x0000000000400000-0x00000000006B0000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4396-109-0x00000000024C0000-0x0000000002562000-memory.dmp

      Filesize

      648KB

      Download

    • memory/4396-110-0x00000000024C0000-0x0000000002562000-memory.dmp

      Filesize

      648KB

      Download

    • memory/4396-114-0x0000000000400000-0x00000000006B0000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4396-117-0x0000000000400000-0x00000000006B0000-memory.dmp

      Filesize

      2.7MB

      Download