Overview

overview

10

Static

static

3

file.exe

windows10-1703-x64

6

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

file.exe

windows11-21h2-x64

10

Resubmissions

12-06-2024 11:55

240612-n3qdvstena 10

12-06-2024 10:03

240612-l3crnathpk 7

Analysis

  • max time kernel
    300s
  • max time network
    301s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240611-en
  • resource tags

    arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    12-06-2024 11:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    4.3MB

  • MD5

    8d253537af839ffffa35002272a69975

  • SHA1

    75def7b867b5d7930416337d32fa7735cd62c9d1

  • SHA256

    cf9aee9be42a9a9b88268906e8751200b84e727e39953ab0e1da4ec590db695e

  • SHA512

    6e6a29739e4a1d2153787cc726e1aea51e37f51ea4b31fbde97cb55105dbc67413aa4e2b079df67332823615f76ffc1b06de0e6a4a09a4b881a89d79c0ce84ca

  • SSDEEP

    24576:tTCsLxyCB/T0DwDCuk1H4ki+kwQpQPm0TVBTBMqpPYx0d41QixgN463thBedtE:tusLx

Score
10/10
persistence

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.frontier.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Dessi10

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.frontier.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    golfball

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.netzero.net
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    swordfish

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp-box-01.iol.pt
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    liliana

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.epix.net
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    tiamat

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.netzero.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    123456

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mx.free-lesbian-pic.in
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    brittany0

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp-box-01.iol.pt
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    ricardo

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.jcom.home.ne.jp
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    msms3903

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.netzero.net
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    futbol

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.netzero.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    walt44

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.frontier.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    monkey07

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.netzero.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    peluche

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.netzero.net
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    louie2112

Signatures

  • Executes dropped EXE 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 4 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of WriteProcessMemory 32 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2716
    • C:\Users\Admin\AppData\Local\Temp\file.exe
      "C:\Users\Admin\AppData\Local\Temp\file.exe"
      2⤵
      • Drops file in Windows directory
      PID:3112
  • C:\ProgramData\ibtomn\umgmg.exe
    C:\ProgramData\ibtomn\umgmg.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4132
    • C:\ProgramData\ibtomn\umgmg.exe
      "C:\ProgramData\ibtomn\umgmg.exe"
      2⤵
      • Executes dropped EXE
      PID:1768
  • C:\ProgramData\ibtomn\umgmg.exe
    C:\ProgramData\ibtomn\umgmg.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4780
    • C:\ProgramData\ibtomn\umgmg.exe
      "C:\ProgramData\ibtomn\umgmg.exe"
      2⤵
      • Executes dropped EXE
      PID:5036
  • C:\ProgramData\ibtomn\umgmg.exe
    C:\ProgramData\ibtomn\umgmg.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:480
    • C:\ProgramData\ibtomn\umgmg.exe
      "C:\ProgramData\ibtomn\umgmg.exe"
      2⤵
      • Executes dropped EXE
      PID:6152
  • C:\ProgramData\ibtomn\umgmg.exe
    C:\ProgramData\ibtomn\umgmg.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    PID:7292

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\ibtomn\umgmg.exe
    Filesize

    4.3MB

    MD5

    8d253537af839ffffa35002272a69975

    SHA1

    75def7b867b5d7930416337d32fa7735cd62c9d1

    SHA256

    cf9aee9be42a9a9b88268906e8751200b84e727e39953ab0e1da4ec590db695e

    SHA512

    6e6a29739e4a1d2153787cc726e1aea51e37f51ea4b31fbde97cb55105dbc67413aa4e2b079df67332823615f76ffc1b06de0e6a4a09a4b881a89d79c0ce84ca

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\umgmg.exe.log
    Filesize

    805B

    MD5

    9d0cacca373731660e8268a162d9d4ff

    SHA1

    a82111d00132cdf7ef46af5681601d55c6a0e17c

    SHA256

    95932f81206717ff86f0974ee37dc40d5d914f730f00a08344b4c1765d663394

    SHA512

    8c971ab501fc322b13f53b03325b2295e1eedb12b6d50a4225e6e3b4bf5128665b1a3d8b560a8b04f14bfa6f5cba41058e4f546139101fc303f3b8393f5ca485

    Download Submit

  • C:\Windows\Tasks\Test Task17.job
    Filesize

    236B

    MD5

    258a50b2656b58ffb420d016a003672e

    SHA1

    a9378e1cd241a440cefe1d9e54a70eb40b7b1a9d

    SHA256

    ad702825dd61406c4f482f52a48fe80d1611c23d6765c7a0f6b5e1ecdb2d9d91

    SHA512

    206bf30a3f8b9d5c279c7995912052a301b1ba03bf44c86aa9f1080152f14393fd159a96f6c8bd265a01e8dc9005f128fc08755cc4d1d2fc183d4b83b0eb606d

    Download Submit

  • memory/1768-9808-0x0000000000400000-0x0000000000407000-memory.dmp

    Filesize

    28KB

    Download

  • memory/2716-30-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-4893-0x0000000007550000-0x00000000075AA000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2716-2-0x0000000007130000-0x000000000734E000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-3-0x0000000007900000-0x0000000007EA6000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2716-4-0x00000000073F0000-0x0000000007482000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2716-16-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-5-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-43-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-54-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-56-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-68-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-64-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-62-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-60-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-58-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-66-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-52-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-50-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-48-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-46-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-40-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-36-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-34-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-32-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-24-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-26-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-0-0x00000000743DE000-0x00000000743DF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2716-20-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-18-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-44-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-38-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-28-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-22-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-14-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-12-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-10-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-8-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-6-0x0000000007130000-0x0000000007347000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2716-4892-0x00000000743D0000-0x0000000074B81000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2716-4891-0x00000000743D0000-0x0000000074B81000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2716-1-0x0000000000FF0000-0x000000000144E000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2716-4894-0x00000000075B0000-0x00000000075FC000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2716-4895-0x00000000743DE000-0x00000000743DF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2716-4896-0x00000000743D0000-0x0000000074B81000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2716-4897-0x00000000076B0000-0x0000000007704000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2716-4907-0x00000000743D0000-0x0000000074B81000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3112-4904-0x0000000000400000-0x0000000000407000-memory.dmp

    Filesize

    28KB

    Download

  • memory/4132-4910-0x00000000743DE000-0x00000000743DF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4132-9797-0x00000000743D0000-0x0000000074B81000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4132-9798-0x00000000743D0000-0x0000000074B81000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4132-9799-0x00000000743DE000-0x00000000743DF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4132-9801-0x00000000743D0000-0x0000000074B81000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4132-9811-0x00000000743D0000-0x0000000074B81000-memory.dmp

    Filesize

    7.7MB

    Download