Overview

overview

7

Static

static

3

DEUSEXMKD+...NG.exe

windows7-x64

7

DEUSEXMKD+...NG.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-09-2024 09:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DEUSEXMKD+22Tr-LNG.exe

  • Size

    4.0MB

  • MD5

    d60f09f0dd451feb6dec466e505fc8a2

  • SHA1

    b120849961868983a8d0441579e6bb55856ebbe7

  • SHA256

    9b88f96ff05b00bff38560eb562f2d56254aa85164416a765a0fa1782b979c12

  • SHA512

    72bf9b33d6e3dd1f21dfe66b6c7f65e6cd56f613f11069312185da1a68590de90443c395c3e0ef45868840af79a50a2d07bcd8145c5843931899d8302ba4113b

  • SSDEEP

    49152:ubb/LKDfkvNWpiTOMxoYGQlAkxpP2vrXG6+WZpULn92zFEi2Tnsrc:uCkvLoYGQlAkxpP2vrXG6A92zFL27sw

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DEUSEXMKD+22Tr-LNG.exe
    "C:\Users\Admin\AppData\Local\Temp\DEUSEXMKD+22Tr-LNG.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4360
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x500 0x510
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\SkinSoft\VisualStyler\2.3.5.0\x64\ssapihook.dll
    Filesize

    66KB

    MD5

    c74d260d388f5ac3d95d8c1c3a27c989

    SHA1

    5da009086036004a7c670d608d5e1e923aead568

    SHA256

    dc1bebb8ce88d59e4b3130c1ff2c4b7f5df2701c7a71b476b8a6f2ed541db628

    SHA512

    6460db8f73806017d267c0e4e112902956a3bc53853c6a893cff66fe44772305b2c158ef8b58e993806d713aceaddcf2efa7ccf625063678444d3fd20b10546a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Bass.Net.dll
    Filesize

    632KB

    MD5

    ddc305fca2a8d80523ad8bc50996480b

    SHA1

    7bee723b565267aa355ad9f7f5cf17c74f2cce1f

    SHA256

    af9e46b70c7739547739ddfcdd56b7b218b5bda6e14c49bed3bbc08c2b867216

    SHA512

    acf2064d1b59d73cc5086f9a8c26a5e1fb7e7909e5460d3427d7681ee36709a568146000bbea9464fb173df474c58bda4f87bbbb759ea06ed2fd71d3c6bc0eea

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Bass.dll
    Filesize

    218KB

    MD5

    82dbc53c4e057ad941eb73aba212956e

    SHA1

    38a582ce5fbe03e8c5f040d82f89b4797e305860

    SHA256

    eda3f66eedc49ff9b9506c1ccf679a7822104c771eaab3afa367f0d6a2c9bbd5

    SHA512

    6f8e9082750c9cc8eb7bcaf7b7442f52ec55e2b712fff29a3a22868218fbfd605b594314e7be2720fd25f5a89d95774481177429de35acb48d023d39a2767781

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tmp7ED5.tmp
    Filesize

    832KB

    MD5

    6aab5c90d7c703ed4aefd5100c97fd22

    SHA1

    b6bb0a5614da9565d5ef2a5a23aa0aaa5bd5b3f0

    SHA256

    1b796196d9ae7b15507546d53a2b5aeae36e5b80e6291f02317f6fedab18d74a

    SHA512

    6c1c1cc6da08f49d15f6cbbadc81bdfaa4251d9ecc9321e0de474141534b42f2bc4c4ada053ace81e07635478f945d2266466f45f9e55c3c924c974d86c26251

    Download Submit

  • memory/4360-34-0x00007FF889030000-0x00007FF889031000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-37-0x00007FF889050000-0x00007FF889051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-19-0x000000001F650000-0x000000001F748000-memory.dmp

    Filesize

    992KB

    Download

  • memory/4360-2-0x00007FF8EC890000-0x00007FF8ED351000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4360-26-0x00007FF888FD0000-0x00007FF888FD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-27-0x00007FF888FC0000-0x00007FF888FC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-28-0x00007FF888C70000-0x00007FF888C71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-29-0x00007FF888FE0000-0x00007FF888FE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-30-0x00007FF888FF0000-0x00007FF888FF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-31-0x00007FF889060000-0x00007FF889061000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-32-0x00007FF889000000-0x00007FF889001000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-33-0x00007FF889010000-0x00007FF889011000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-0-0x00007FF8EC893000-0x00007FF8EC895000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4360-35-0x00007FF889040000-0x00007FF889041000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-36-0x00007FF889020000-0x00007FF889021000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-9-0x000000001C460000-0x000000001C502000-memory.dmp

    Filesize

    648KB

    Download

  • memory/4360-38-0x00007FF889070000-0x00007FF889071000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-39-0x00007FF885DB0000-0x00007FF885DB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-40-0x00007FF885E00000-0x00007FF885E01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-41-0x00007FF885E10000-0x00007FF885E11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-42-0x00007FF8EC890000-0x00007FF8ED351000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4360-43-0x00007FF8EC890000-0x00007FF8ED351000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4360-44-0x00007FF8EC890000-0x00007FF8ED351000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4360-45-0x00007FF8EC890000-0x00007FF8ED351000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4360-1-0x0000000000FF0000-0x00000000013EE000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4360-51-0x00007FF8EC893000-0x00007FF8EC895000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4360-52-0x00007FF8EC890000-0x00007FF8ED351000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4360-53-0x00007FF8EC890000-0x00007FF8ED351000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4360-54-0x00007FF8EC890000-0x00007FF8ED351000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4360-55-0x00007FF8EC890000-0x00007FF8ED351000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4360-56-0x00007FF8EC890000-0x00007FF8ED351000-memory.dmp

    Filesize

    10.8MB

    Download