Overview

overview

10

Static

static

10

2024-08-08.zip

windows10-1703-x64

1

0163684970...64.exe

windows10-1703-x64

8

0581756a65...1b.exe

windows10-1703-x64

3

06fcfd75f4...40.exe

windows10-1703-x64

6

083b02e212...c7.exe

windows10-1703-x64

3

087a3b8725...c9.jar

windows10-1703-x64

7

08c7fb6067...a2.exe

windows10-1703-x64

3

0e85d0a9fc...50.exe

windows10-1703-x64

6

0f1b66752d...9d.exe

windows10-1703-x64

3

0f2abe41f4...70.exe

windows10-1703-x64

10

0f8a6d8705...e5.exe

windows10-1703-x64

10

1026da21d9...42.exe

windows10-1703-x64

10

109927ded1...91.exe

windows10-1703-x64

6

15c71b616f...79.exe

windows10-1703-x64

10

17b5394a5c...70.exe

windows10-1703-x64

10

1873c4b2bd...d4.exe

windows10-1703-x64

10

19efe1624f...3c.exe

windows10-1703-x64

10

1de0ce90e5...f7.vbe

windows10-1703-x64

1

1e6ad08c5e...5f.exe

windows10-1703-x64

10

1f7cedbe04...4c.exe

windows10-1703-x64

10

22586df437...62.exe

windows10-1703-x64

10

29f90a4f62...e6.xls

windows10-1703-x64

1

2b34ad054e...da.exe

windows10-1703-x64

10

2bb032333f...2c.exe

windows10-1703-x64

3

2bda6048a8...dc.exe

windows10-1703-x64

7

2c7da6690b...6a.exe

windows10-1703-x64

4

2caf283566...2e.exe

windows10-1703-x64

10

300d87987d...45.exe

windows10-1703-x64

7

353a75d0ad...a5.exe

windows10-1703-x64

7

391ac1ceed...57.exe

windows10-1703-x64

7

d4cb60a0e9...01.hta

windows10-1703-x64

10

e0fa6d69b2...1e.msi

windows10-1703-x64

6

Analysis

  • max time kernel
    128s
  • max time network
    140s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    10-08-2024 17:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0e85d0a9fcf30f823c43e697f99cf61743ef1d29228e160f19005e343f2a5b50.exe

  • Size

    550KB

  • MD5

    f004176cb0a58af018acc7b3ee4398af

  • SHA1

    4fc9105afcbefcdfc0dbff01c5fc3ee8cc45ef75

  • SHA256

    0e85d0a9fcf30f823c43e697f99cf61743ef1d29228e160f19005e343f2a5b50

  • SHA512

    42f73084adda1175edc7587ca119501b0040a42cd99418a16d57329d0c88b1a03e66c231d0fb8c5111d7104153d31040dd1ab47e3fc1ef9041b0a711e8354eb0

  • SSDEEP

    6144:EPww4FehRKMT22sHO54gFbq1gXbMyxe8Z8ly1+QHGMY9JWaOKhlbA9NI9gZbCdpe:Ne5+8bYyxe8F1bHGPWaphL6Z+DQb

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Modifies registry key 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0e85d0a9fcf30f823c43e697f99cf61743ef1d29228e160f19005e343f2a5b50.exe
    "C:\Users\Admin\AppData\Local\Temp\0e85d0a9fcf30f823c43e697f99cf61743ef1d29228e160f19005e343f2a5b50.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2404
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C whoami && ipconfig
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2360
      • C:\Windows\system32\whoami.exe
        whoami
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:3256
      • C:\Windows\system32\ipconfig.exe
        ipconfig
        3⤵
        • Gathers network information
        PID:4396
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v MyStartupApp /t REG_SZ /d C:\ProgramData\plugin\pulg.exe /f
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1824
      • C:\Windows\system32\reg.exe
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v MyStartupApp /t REG_SZ /d C:\ProgramData\plugin\pulg.exe /f
        3⤵
        • Adds Run key to start application
        • Modifies registry key
        PID:1520

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2404-0-0x0000027BC1D90000-0x0000027BC1D91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2404-2-0x0000027BC3870000-0x0000027BC38F8000-memory.dmp

    Filesize

    544KB

    Download

  • memory/2404-3-0x0000027BC3820000-0x0000027BC3869000-memory.dmp

    Filesize

    292KB

    Download

  • memory/2404-4-0x0000027BC1DA0000-0x0000027BC1DA2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2404-5-0x0000027BC3820000-0x0000027BC3869000-memory.dmp

    Filesize

    292KB

    Download