Overview

overview

7

Static

static

3

7072005eea...9f.exe

windows7-x64

7

7072005eea...9f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    01/09/2024, 23:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7072005eead220ccc6c02101e39cb8f6439caef271db0f330c611c6ce17fc19f.exe

  • Size

    11KB

  • MD5

    05202aef44bbb0f24c590db4b7165cf4

  • SHA1

    c5c4bb4d71a5dff7f69467be4b53df0f293693d6

  • SHA256

    7072005eead220ccc6c02101e39cb8f6439caef271db0f330c611c6ce17fc19f

  • SHA512

    adda7cf99d652d4b30974c8d1eab4ad6997107c74dec25d145c8e93bf9f3ade8f942c1ceef015404a1c9483f1c484d6276cdf23f11665338e93684d8d65854d8

  • SSDEEP

    192:Zg6eHLE5KxkDpnqKjIdtaCRYvRtCk1rE1Ty68A3CuYYpZ7E:G6eHIAx0pqNgHvRtoyhASuYYpZ7E

Score
7/10
discoveryevasionpersistencetrojan

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7072005eead220ccc6c02101e39cb8f6439caef271db0f330c611c6ce17fc19f.exe
    "C:\Users\Admin\AppData\Local\Temp\7072005eead220ccc6c02101e39cb8f6439caef271db0f330c611c6ce17fc19f.exe"
    1⤵
    • Loads dropped DLL
    • Checks whether UAC is enabled
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\DYVUY.bat" "
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2640
      • C:\Windows\SysWOW64\reg.exe
        REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "xplorer" /t REG_SZ /d "C:\Windows\xplorer\xplorer.exe" /f
        3⤵
        • Adds Run key to start application
        • System Location Discovery: System Language Discovery
        PID:776
    • C:\Windows\xplorer\xplorer.exe
      "C:\Windows\xplorer\xplorer.exe"
      2⤵
      • Executes dropped EXE
      • Checks whether UAC is enabled
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2700

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DYVUY.bat
    Filesize

    124B

    MD5

    4e6e99d38b1264af2b53a68c7cd6d648

    SHA1

    55ffe17732d1d9c539d702a1311ef9674fe7b3cf

    SHA256

    168d9cdf4849fde3b4817db207e60934b6c877be439289f3fb3a4eb9e4326ff0

    SHA512

    bde21abed1bfc3dbdd6afc83614aa27c3f33dfbb434e139523ac57ecd84875b0e96a241f5828eda0b055f787ec7f95850b0f4ab0ee752ac36484b2bfd78a859d

    Download Submit

  • \Windows\xplorer\xplorer.exe
    Filesize

    11KB

    MD5

    2387ce0b84182b9ff189f973173b528f

    SHA1

    9d336673af059b14f25165a3e78adfc5449a1597

    SHA256

    5ea7b20d2bd9d592355443a6643fc7938c97225f5997fc76564f2cc308620623

    SHA512

    aa13f29f87b47dfb2a7664a1d16280d2b8a6fda7009bc520f487369a2d9e06a66c27a82db763f81fc558bce4938bd9d324ddb5c514e60296a7cc9a0314e85f0d

    Download Submit

  • memory/2212-40-0x0000000000570000-0x0000000000579000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2212-27-0x0000000000560000-0x0000000000569000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2212-42-0x0000000000570000-0x0000000000579000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2212-41-0x0000000000570000-0x0000000000579000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2212-0-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2212-46-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2212-47-0x0000000000560000-0x0000000000569000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2212-48-0x0000000000570000-0x0000000000579000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2212-49-0x0000000000570000-0x0000000000579000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2212-50-0x0000000000570000-0x0000000000579000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2700-52-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download