Overview

overview

10

Static

static

10

1bdbf56cc8...0N.exe

windows7-x64

10

1bdbf56cc8...0N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    27-07-2024 23:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1bdbf56cc827f362a689eced94a4ee30N.exe

  • Size

    289KB

  • MD5

    1bdbf56cc827f362a689eced94a4ee30

  • SHA1

    609e8b54a528f61804cd0aa13c3a2aaca17e71f7

  • SHA256

    7cfa6bc35fde4c3d6994f56560dc7e9149d1a213351888d89d722e16d7b3e393

  • SHA512

    06dc0f12d77f2a4e0b3da591d08c5367b236082d11447ab6a32a01a30d423372be50adb6a4bfbff72f5b051c67b178450f89cbfb6450685f066dbc081a589da7

  • SSDEEP

    3072:KwYVpJP8Dzh115F/4aS8iV4nU2Iyg/WXnG840r9pwwdgTP94fYP:ZYVDP85pF//SvDGHXG8G

Score
10/10
phorphiexramnitbankerdiscoveryevasionloaderpersistencespywarestealertrojanupxworm

Malware Config

Signatures

  • Phorphiex payload 1 IoCs
  • Phorphiex, Phorpiex

    Phorphiex or Phorpiex Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

    wormtrojanloaderphorphiex
  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Windows security bypass 2 TTPs 6 IoCs
    evasiontrojan
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Windows security modification 2 TTPs 7 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1bdbf56cc827f362a689eced94a4ee30N.exe
    "C:\Users\Admin\AppData\Local\Temp\1bdbf56cc827f362a689eced94a4ee30N.exe"
    1⤵
    • Windows security bypass
    • Loads dropped DLL
    • Windows security modification
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\Users\Admin\AppData\Local\Temp\1bdbf56cc827f362a689eced94a4ee30Nmgr.exe
      C:\Users\Admin\AppData\Local\Temp\1bdbf56cc827f362a689eced94a4ee30Nmgr.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2988
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2216
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2708
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1908
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1908 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2688

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    84d00b7e427c09c4d5e181adde97ce04

    SHA1

    a2a9fc40ed6fabd52376af40a5a0736f1e4406e8

    SHA256

    e8fb71cfec5c99c1b39a105d00c4f37bb1465328f4bf04d3bb82c2044275b267

    SHA512

    9e084827a60122f413cc741de5f53a40a8fb7b65668ad2a8b95fbde319146bcfe4bbdbe63ee2868cbb77b104b7cd3802751afec63b89409bc282396c9b8e0409

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3f700626f15d22a4e28b755b570217e1

    SHA1

    a4aab7e654ecfd3db1367105836cbf58439ce9bb

    SHA256

    e49b788fa6ede600cdff9b45d4ebb5d9f09c8a33b7a3a3aa1186c12ccda3a83d

    SHA512

    4243406edd495650e5085e24c2203e88a83a4e30075ab4e462c637d124eb1e67292266ab8cb924b308d9c6541253da1cc30515d96190939351a7e22511083e5a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7fa839af43ed13de8b0ee0c0b73ae768

    SHA1

    f65868f6ffba43c861456aa2cf1c5202116ef0e3

    SHA256

    68f55bfe4cdd7c9e80bd82511401ce46b68df645f766d22f212eb5206fcef7ad

    SHA512

    b52d6d378b22a25e42cf72c3d0cfed37ed69fcb251fd171f2e414212f2ec38ca64f9486950a9098fe36bf3f3fa2fb218e83e6cc0cacefec1ed1d28811dca65c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d8bb698fe842238af39532797dd36034

    SHA1

    966c0be794e23c2052f642a2c7e63594eee4bbd7

    SHA256

    48e31343ec70c8bd2349b0914b22a11043f088c90c52d3e905ceb0ed65015c66

    SHA512

    7ca6572ed1207590341555bd8220032e333aca5445844c36bb5c6ff8dd903a309884660aa734e8543976ceea7082cd6a33c6c44a99ac986d9431961e06ded264

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eb2b10ee5abe12c5a500ba7ec07042d0

    SHA1

    b8e47a15420a55faa84f5ee1f68d357d7b35da43

    SHA256

    d5607134de20914e27d7ce9737626dff70bda790990112373802de116826f5c7

    SHA512

    8f683d5d00f64aedf28ff96bca899e58d726bf255821b5d8ca9ed43d060b3e7b60e6687eca6e6de9ca3704fed98d307a5c5caa142ab15eb4a5a0650664b7d1eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d28e0183a43625accd2aa0dbe49c109e

    SHA1

    948380518b99f51ac158c98f04926315306a1374

    SHA256

    59d21aad57f2e1f6c13b0e4f87dc995a1299d4a02177f154e738fc28d6969560

    SHA512

    7b925bb885994af2552c74330179ca9c148d46cb3d864a139370d6a628481f6bc3aa63d57314746cc30562e85622ef51ebb8f44172f7060ec36fb5bf1fe62c42

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    29e40c27cf8ab58c4c581228628fa5ee

    SHA1

    c80b251dbd3f589b1a033b36587f221b3e72767e

    SHA256

    8e6565d4606b63b7e5c9d268f01bdc5fd8371b8ec9d4db912bcff981c1784d87

    SHA512

    bc15a8bfcb9059ddbd066785b07f7a6420da7ed8d3f9362c800db83a9e0eeefa71c41fadc41256eff79e38b6a2415a16c942412543739ac1950332e8c74dfeb7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f0581bd98f605702084f38db229b5c15

    SHA1

    123f6c9db417404187951f21ea033ae9b8758d66

    SHA256

    f2e492f6ec690c4b6e9828746473c3162b9a0f6b7ffa1907ec9f1490f5e79e40

    SHA512

    285591d248690009c05655820f1538b6d9b88f01d64c1be9f79db66f1c3dba800f21f4b1b39946b57ad49e2ac4b4f94372b79319bc725fcaf1150b235bb098ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    989c8bd4952bc1c8179869ba518bc75a

    SHA1

    6b3075cd11dfc9917897ccb9b929371a5a22bb07

    SHA256

    3dfc8cab1d61d1502ab418d01272d0eb1c9464e2ed104fb34b8cb388005ec110

    SHA512

    f31f0d1f4fa695b85a11f21259900f6d0bb52260b73f7f0c6af2b839b2ba867fdfc41d7ae71e2809a65e78eb660abf245931bc03da63caab69ccbe35238a7bcc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0e99b6728fe961653635b99cf935b4be

    SHA1

    654b74d45a0db8ed3e33d8d0388177f8b0fe4ce0

    SHA256

    015b9a2c0c4c134d944d6d3f4a43d26ffc228a4adf626573dc43ba38dad7298b

    SHA512

    c74761c5579aa626ca01bd40163a1969b12814503530211709c8d3bb90b82e1b0398be63016a654d291d9687e7ce23cb430e2132e79d66c418c9d1292266cd66

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e1f36cbcf37220791346ae71ef4f6e68

    SHA1

    bbfc3f99906526d868d79d9a1874c503421a0c11

    SHA256

    08a86f8d4d4d409342f2ad4d6921c37254ed44afdf8e40ae2eb100f6b1cf418e

    SHA512

    47e31157ff1c63b9cd8c4809a97ef1c2229d2e7ec3c572efe56d7f8ccb8870e44e339ff730f0c67e7a155c84ae0fe0f66b426a0873f4744719bfb126b15e5330

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    211f1b8c1cddbaea5a3e8288dd1bf5fd

    SHA1

    55ce650ec99a5cbe84b9131ef2ca6ca37c38cb0e

    SHA256

    f53ac6c4d41875bda0fcbdf0f05763925cc5dcbcf19830d9f31b2cda675160ea

    SHA512

    60ecb66127eb336f1b8095c40884a0b21479c615e68c3714d30fb8b9c044445d0309645f265d022443331b63a767fce4f5a672155c25ec313ec36f2fded0c95a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    29ace7be6e28040f83c3eeb93177e5e3

    SHA1

    9be1b9af191e8829d65a0bc55033761cdf46b2b9

    SHA256

    66ad75610836f6a62600836fbe9eee54693280a0432da302206d236b9507c125

    SHA512

    9bb5e25f0a3c12fd72b12b58478495c8323bf7c422dd3039e318aea3421f74e5a7e88871f42ec98c854cbb2d5262cc47a20d304de044effc2c4895ae7d87ab3a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc18aa85b23a423f18516302f32e3124

    SHA1

    4d3e4134e10a6bcffbb158d1cb12e813c982eb5e

    SHA256

    59f98f6276c6c3488a5cd7821a13cc251072bc0655f7a6381b459ad7e788da20

    SHA512

    c7f2f252648e7651e9739c34b4838a24c939b506725982e0291c4646ef6016560d093d766b6bcaafa945f794eb88b7dcbc79766c744a4677b292c392f425e446

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c146d06c35111f53108e7744d957522b

    SHA1

    a9b2e63e661eb3765cd24642d52be3e3ebf0b8f2

    SHA256

    ccecbde8abde941be19be510dde3106402e9c410a0e8b144d987cd0fb11e2619

    SHA512

    9122168adc1e066e2ca837a8bb6707945699f851d822a656a5d3409c329acfe68def782ce4d6fac0f14486a2bdfef4fc2d7994c2d40306f1beb9ac8e5423bdbe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    09abebbd7fd9361ad302051b0493d552

    SHA1

    e2ac731459df8e4b309cc2c0ecd9caabc6b643a1

    SHA256

    80d4ed309259f11d74291f6d2cd8afc300f78e4b2cc64e2215c8e66829d7981d

    SHA512

    c865fe929d17634f2e6bad5d8102b7ca66bc8bd5e0d600b17a39bcc80eb1aa4dfccb27bb13495e65f216c9fd679301874bb1b96a8ea0566ce8d26d83cf4b853e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1a8d9324cea1eac4afcf1e2dbf8993b1

    SHA1

    c98316927869aa3f865586126c9a41906f405b08

    SHA256

    24d3e0bffff93013fb5c6f60208a5d1e00e5b579aadc0ef349c27af6b189e1a1

    SHA512

    c0dbbc71c678bb9985e370bb949fb207500e6123870461c02b9ee7e84ea6e203ba1211f3d64c7fdce44738081a021a86091993c20fe9216f7511505351056b73

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    076513218481d50e0fdc54aa93cd0bf0

    SHA1

    a38926d3cf15a8036bd53cbf2181217de80f4e94

    SHA256

    0bfa7d535e8e488c3bd61e7eec5317dfa74bb7a40a1d4681402152f506f831e5

    SHA512

    5b7bf44c4e43bbee12b2cdac92d4055ba1db6cace23ad408d7aac278cd1d72749b81cc49a64d0ecc73d34535280eb71f582acb295015e3a47721780909b31328

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0202321cd98aaa129aa41832decc31fe

    SHA1

    546ed5ec50899a62d924858c2e27887cafb3c9fb

    SHA256

    e9d41b01d1196a0d246b6247455b0cd28af7009d9a86f63d626f27f76ae8f03f

    SHA512

    509bcea6d2df32bdfcb60775ec8a8aff5e5d929b330d51519dc34ca7a765139a092ca6ae33c93b36c36a9c274020157db212813cb1a2c9656090e84cee8dd0df

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A3DC1BE1-4C73-11EF-9CB4-D238DC34531D}.dat
    Filesize

    5KB

    MD5

    09ea8982a033d3472f4372fe1ced4e8b

    SHA1

    439a0c760f07f4430003f17f179efe59051bc2c0

    SHA256

    c0631dbe39e1a116654d6eb5518b6427e46ebb80fa7ef6c7ce4ca3e59cee92f6

    SHA512

    14436c6171369782fe1f5df917da555e68abd60110a7d20ff977430bdc47c95732432b623e606d38eb256cbbe34369430410d99f5cb5a30606d42ae103439dec

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A3DCDF31-4C73-11EF-9CB4-D238DC34531D}.dat
    Filesize

    4KB

    MD5

    9a0df3c8b6625e30cbf36a0da881f20b

    SHA1

    e7acbe26c3b2eba58eba882f17d62bdb73e30d78

    SHA256

    df6c93cd622c8c9f1ec46a54ac5a1cef7e1cdfe97cf405797bd79013d161fb2b

    SHA512

    c64cca95965c1f20aad49a7fd11a50e356152289d8f8893c1e5235eb6cb6fc40afa04233da1718c9e94fff9ede1cfeec6cb2d278060a4204f3ee350d6f1900e7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab1603.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar16B2.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\1bdbf56cc827f362a689eced94a4ee30Nmgr.exe
    Filesize

    220KB

    MD5

    1b7fc3fa0a84470506c3028b48a5f04d

    SHA1

    3fa9f258fd20c92c0dd366f1520d44f61e236d3b

    SHA256

    9f62f582fc02ae7b3b5df9a8a90718a80773eed10828014cee2a938976ab056b

    SHA512

    1259215288d11be9493abc5d9babec8ff2563be3ed1aaf47fbda3f5832d7604f4f5956d09a06854ff133fb9e0971ac398966c46c743dee3f0aead6a2d0901c19

    Download Submit

  • memory/2332-8-0x0000000000220000-0x0000000000290000-memory.dmp

    Filesize

    448KB

    Download

  • memory/2332-1-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2988-10-0x0000000000400000-0x0000000000470000-memory.dmp

    Filesize

    448KB

    Download

  • memory/2988-14-0x0000000000330000-0x0000000000331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2988-15-0x0000000000400000-0x0000000000470000-memory.dmp

    Filesize

    448KB

    Download

  • memory/2988-12-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2988-13-0x0000000000400000-0x0000000000470000-memory.dmp

    Filesize

    448KB

    Download

  • memory/2988-22-0x0000000000400000-0x0000000000470000-memory.dmp

    Filesize

    448KB

    Download

  • memory/2988-11-0x0000000000320000-0x0000000000321000-memory.dmp

    Filesize

    4KB

    Download