Overview

overview

10

Static

static

10

Cxdyz/Flexer.exe

windows10-2004-x64

1

Cxdyz/Flexer.exe

windows10-2004-x64

7

Cxdyz/Flex...pet.js

windows10-2004-x64

3

Cxdyz/Guna.UI2.dll

windows10-2004-x64

1

Cxdyz/Micr...re.dll

windows10-2004-x64

1

Cxdyz/Micr...ms.dll

windows10-2004-x64

1

Cxdyz/Micr...pf.dll

windows10-2004-x64

1

Cxdyz/Mona...sample

windows10-2004-x64

3

Cxdyz/Mona...sample

windows10-2004-x64

3

Cxdyz/Mona...sample

windows10-2004-x64

3

Cxdyz/Mona...sample

windows10-2004-x64

3

Cxdyz/Mona...sample

windows10-2004-x64

3

Cxdyz/Mona...sample

windows10-2004-x64

Cxdyz/Mona...sample

windows10-2004-x64

3

Cxdyz/Mona...sample

windows10-2004-x64

3

Cxdyz/Mona...sample

windows10-2004-x64

3

Cxdyz/Mona...sample

windows10-2004-x64

3

Cxdyz/Mona...sample

windows10-2004-x64

3

Cxdyz/Mona...sample

windows10-2004-x64

3

Cxdyz/Mona...x.html

windows10-2004-x64

1

Cxdyz/Mona...ain.js

windows10-2004-x64

3

Cxdyz/Mona...bap.js

windows10-2004-x64

3

Cxdyz/Mona...pex.js

windows10-2004-x64

3

Cxdyz/Mona...cli.js

windows10-2004-x64

3

Cxdyz/Mona...bat.js

windows10-2004-x64

3

Cxdyz/Mona...igo.js

windows10-2004-x64

3

Cxdyz/Mona...ure.js

windows10-2004-x64

3

Cxdyz/Mona...fee.js

windows10-2004-x64

3

Cxdyz/Mona...cpp.js

windows10-2004-x64

3

Cxdyz/Mona...arp.js

windows10-2004-x64

3

Cxdyz/Mona...csp.js

windows10-2004-x64

3

Cxdyz/Mona...css.js

windows10-2004-x64

3

Resubmissions

08-08-2024 12:34

240808-prr9ratclq 10

08-08-2024 12:23

240808-pks8gaxbld 10

08-08-2024 12:21

240808-pjlr1axbke 10

Analysis

  • max time kernel
    94s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-08-2024 12:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Cxdyz/Flexer.exe

  • Size

    331KB

  • MD5

    6a0e13b24da1aaaa245bca6bbd7ab8a5

  • SHA1

    5b3e5151d93afaf3aa2c7c662646b7ddb21696e5

  • SHA256

    4800934f54a511a3e446aabda11315369c045ef80b82bb7550e9822cb2f8d50d

  • SHA512

    7bbbaf3b3e6c4a50d3b4813f143febe3c4d48b881a7947ce4307fb73997f81e5107fcce73ee0cbb59f49035b78ff0f7b350bb89325c8bcd9363b393bdf2d680d

  • SSDEEP

    6144:UAAbpw+JSN6nGQ7BU0wrlEVhY4AAkGcBaA7WCwmuoNCYH7UFfowKW+H2Fz:TADJSN6r7BUVBEVhVAAkGcUA7WVV0CqF

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 17 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 42 IoCs
  • Suspicious use of SendNotifyMessage 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Cxdyz\Flexer.exe
    "C:\Users\Admin\AppData\Local\Temp\Cxdyz\Flexer.exe"
    1⤵
      PID:4912
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3004

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3004-0-0x0000021817C60000-0x0000021817C61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3004-1-0x0000021817C60000-0x0000021817C61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3004-2-0x0000021817C60000-0x0000021817C61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3004-12-0x0000021817C60000-0x0000021817C61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3004-11-0x0000021817C60000-0x0000021817C61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3004-10-0x0000021817C60000-0x0000021817C61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3004-9-0x0000021817C60000-0x0000021817C61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3004-8-0x0000021817C60000-0x0000021817C61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3004-7-0x0000021817C60000-0x0000021817C61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3004-6-0x0000021817C60000-0x0000021817C61000-memory.dmp
      Filesize

      4KB

      Download