Analysis

  • max time kernel
    134s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17/08/2024, 02:02

General

  • Target

    repair.exe

  • Size

    697KB

  • MD5

    2e30c329a59d3bc3a14b61889642c6ef

  • SHA1

    d0db21609c4a67f62649e4b72c8d83c481a7f7ae

  • SHA256

    0515d9773ee665bf9b67b6e8ebefabc0ad4aeff365d6ece7399cb867ccc93233

  • SHA512

    f9dc1bf8b109354a98670ef39aea27b4c36daa0f14ac26aa1f1c0325c95fdfad4ff803ee0e8eba5aa12beb1bac2ed7bf713bae762e0565829cef35b7949918cb

  • SSDEEP

    6144:5rcihvKU0a5mcYdoo5Yf6NdEdfy0WEUWwvkL8L3ME4uamALNaACoV9AVYBX+0dyo:5YiAUBx6/EdKWaDajMYuDeK8ci6aW8

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\repair.exe
    "C:\Users\Admin\AppData\Local\Temp\repair.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:3268

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\36094ED.tmp360net.dll

    Filesize

    53KB

    MD5

    400370e02fdcb2baaa9420e4cdc88916

    SHA1

    2194248a77f3e06558d8576f76078963f29c2c1e

    SHA256

    093147cacd4ff5b8777dd9802738955a9812add0b7bcfae022aa5ad11f06340d

    SHA512

    1a45db6da425373097e3df03baf17e29a6135fc92acafca075995abe0586baabad93f61936b7217c9da19fc12d3bf16f934cf0f3c03ed808a3773ae45e192212
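The signatures above (Run-key persistence, a dropped DLL) and the hashes under General and Downloads translate into two host-side checks. The Python below is an added example, not part of the sandbox report or of the tool that produced it: it hashes a file with all four algorithms the report lists and matches the result against those IoCs, and it parses `reg query` output for the HKCU Run key to flag values that launch a program from a temp or public directory, which is where the sample itself ran from. The registry listing and the value name `repair` in it are constructed sample data; the report only states that a Run key was added, not the value it wrote.

```python
"""IoC checks derived from the sandbox report above (added example, not the report's own code)."""
import hashlib
import re
import sys

# Hashes transcribed from the report: the submitted sample and the DLL it drops.
IOCS = {
    "repair.exe": {
        "md5": "2e30c329a59d3bc3a14b61889642c6ef",
        "sha1": "d0db21609c4a67f62649e4b72c8d83c481a7f7ae",
        "sha256": "0515d9773ee665bf9b67b6e8ebefabc0ad4aeff365d6ece7399cb867ccc93233",
        "sha512": "f9dc1bf8b109354a98670ef39aea27b4c36daa0f14ac26aa1f1c0325c95fdfad4ff803ee0e8eba5aa12beb1bac2ed7bf713bae762e0565829cef35b7949918cb",
    },
    "360net.dll": {
        "md5": "400370e02fdcb2baaa9420e4cdc88916",
        "sha1": "2194248a77f3e06558d8576f76078963f29c2c1e",
        "sha256": "093147cacd4ff5b8777dd9802738955a9812add0b7bcfae022aa5ad11f06340d",
        "sha512": "1a45db6da425373097e3df03baf17e29a6135fc92acafca075995abe0586baabad93f61936b7217c9da19fc12d3bf16f934cf0f3c03ed808a3773ae45e192212",
    },
}
ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists, so a match on any of them can be tested."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def hash_file(path: str) -> dict:
    """Stream a file through all four hashes in one pass (large samples are not read whole)."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_iocs(digests: dict) -> dict:
    """Return {ioc_name: [algorithms that matched]} for every report entry that matches.

    The per-algorithm list is kept rather than a bare boolean: a file that matches on
    MD5 but not SHA-256 points at a transcription error or a deliberate collision.
    """
    hits = {}
    for name, known in IOCS.items():
        matched = [a for a in ALGOS if a in digests and digests[a].lower() == known[a]]
        if matched:
            hits[name] = matched
    return hits


# Directories a legitimate Run entry almost never launches from; the sample ran from the first.
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\users\\public\\")

# One value line of `reg query` output: <indent><name><gap>REG_SZ|REG_EXPAND_SZ<gap><data>
RUN_VALUE_RE = re.compile(r"^\s{2,}(?P<name>\S.*?)\s{2,}REG_(?:EXPAND_)?SZ\s{2,}(?P<data>.+?)\s*$")


def executable_from_value(data: str) -> str:
    """Extract the program path from Run value data, quoted or unquoted, with trailing arguments."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    m = re.match(r"(?i)(.+?\.exe)(?:\s|$)", data)  # unquoted path ends at the .exe token
    return m.group(1) if m else data.split(" ", 1)[0]


def suspicious_run_entries(reg_query_output: str) -> list:
    """Parse `reg query HKCU\\...\\Run` output; return (value name, program) pairs in suspicious dirs."""
    flagged = []
    for line in reg_query_output.splitlines():
        m = RUN_VALUE_RE.match(line)
        if not m:
            continue
        exe = executable_from_value(m.group("data"))
        if any(d in exe.lower() for d in SUSPICIOUS_DIRS):
            flagged.append((m.group("name"), exe))
    return flagged


# Constructed sample of `reg query` output (hypothetical value name and entry, not from the report).
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    repair    REG_SZ    C:\Users\Admin\AppData\Local\Temp\repair.exe
"""

if __name__ == "__main__":
    # Usage: python ioc_check.py <file> [<file> ...]; also prints the constructed Run-key result.
    for path in sys.argv[1:]:
        print(path, match_iocs(hash_file(path)) or "no IoC match")
    print("suspicious Run entries:", suspicious_run_entries(SAMPLE_REG_QUERY))
```

Hash matching is only as strong as the transcription, so compare on more than one algorithm when the report supplies them; the Run-key check is a heuristic on location, and a hit should be followed by hashing the referenced binary with `hash_file` and matching it against the IoC set.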