Analysis
-
max time kernel
119s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
27/07/2024, 03:20
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
88885df7373d53bcf18a09d6bce77980N.exe
Resource
win7-20240708-en
windows7-x64
2 signatures
120 seconds
Behavioral task
behavioral2
Sample
88885df7373d53bcf18a09d6bce77980N.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
3 signatures
120 seconds
General
-
Target
88885df7373d53bcf18a09d6bce77980N.exe
-
Size
784KB
-
MD5
88885df7373d53bcf18a09d6bce77980
-
SHA1
6a474b0129c7957fcc7c5c62be189ecbe1349218
-
SHA256
1ada3efbfaf4a8f10bd94ec025b7c4f4581e5d5e3de8c7d06c68d20ea5964d2c
-
SHA512
d97b93952d6125eaebdc45b3ca146af8a15961895cd2dd43f485853fef8c6b28d451c7dff5097457c2c74df56e5c0247b9b9aa79517504af31baae7178515c06
-
SSDEEP
24576:K1bHLFagnHnCMuRFipdJV+uLO3DBdXgmYcGW:KragHdJVKVdXgFW
Score
10/10
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "Explorer.exe sIRC4.exe" 88885df7373d53bcf18a09d6bce77980N.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\SysWOW64\DC++ Share\OSPPSVC.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\VSTOInstaller.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\setup.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\master_prefere.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\apt.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\idlj.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\javac.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\ShapeCollector.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\javaw.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\chrome.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\RCXF3A3.tmp 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\xdccPrograms\FlickLearningWizard.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\xdccPrograms\ConvertInkStore.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\ieinstal.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\javafxpackager.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\sIRC4.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\xdccPrograms\FlickLearningWizard.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\iediagcmd.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\iexplore.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\jar.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\xdccPrograms\7z.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\MSOXMLED.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\javaw.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\RCXF3E2.tmp 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\xdccPrograms\7z.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\xdccPrograms\Uninstall.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\xdccPrograms\ConvertInkStore.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\xdccPrograms\InkWatson.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\chrmstp.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\chrmstp.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\iediagcmd.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\appletviewer.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\xdccPrograms\7zG.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\java.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\javadoc.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\idlj.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\MSOXMLED.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\setup.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\javah.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\javap.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\TabTip.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\ShapeCollector.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\VSTOInstaller.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\DVDMaker.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\RCXF364.tmp 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\jabswitch.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\xdccPrograms\7zFM.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\extcheck.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\java.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\javac.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\sIRC4.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\java-rmi.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\javadoc.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\xdccPrograms\7zG.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\chrome_pwa_launcher.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\xdccPrograms\mip.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\jar.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\java-rmi.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\javah.exe 88885df7373d53bcf18a09d6bce77980N.exe File opened for modification C:\Windows\SysWOW64\DC++ Share\javaws.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\jabswitch.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\chrome_proxy.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\ielowutil.exe 88885df7373d53bcf18a09d6bce77980N.exe File created C:\Windows\SysWOW64\DC++ Share\jarsigner.exe 88885df7373d53bcf18a09d6bce77980N.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
829KB
MD52c95d1cb4ebf46f69bf57d77b0df8aff
SHA1209f1bbb8a72c71d3fe3608e63f21f2164572f74
SHA256e6d5d3767149c6a9589a40f697ade095eeb45bcea2203b85c88fc7729608af9b
SHA512efcfb0da7b7e46b7b03c0794f6e6142628a56cfae03e34228244341b8ae211ccb7e35acf29ff4ca65896613f21d9dc6feccfbf4bf66b66328aaa8b23b330ba53