Overview

overview

8

Static

static

1

procexp.exe

windows10-1703-x64

8

procexp.exe

windows11-21h2-x64

procexp64.exe

windows10-1703-x64

8

procexp64.exe

windows11-21h2-x64

8

procexp64a.exe

windows10-1703-x64

procexp64a.exe

windows11-21h2-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ProcessExplorer.zip

  • Size

    3.3MB

  • Sample

    241004-a739mazajh

  • MD5

    6c33b4937c5ed3f19f44cda1a9fe0bfc

  • SHA1

    09ac5309b4d112d7cdb275572c28e3513748ad8c

  • SHA256

    54336cd4f4608903b1f89a43ca88f65c2f209f4512a5201cebd2b38ddc855f24

  • SHA512

    de2d46289164c77e7e5815d011164b48fe3e7394228a4ac2dd97b58a9ec68e306e7d18b18c45913fda9b80fed47607ea7600004e5fdffcda5b1362e71ad68056

  • SSDEEP

    98304:X3b+VbMEmOZQPzOc9dVfDoicMl7AhUbQN4:HZE1Q6AVEyV44

Score
8/10
defense_evasiondiscoverypersistence

Malware Config

Targets

    • Target

      procexp.exe

    • Size

      4.3MB

    • MD5

      94c60e6704b5dd11a139f2ffebde9135

    • SHA1

      cd89f1cf9428a3eab554a3eb9ff6ca869e5bc368

    • SHA256

      106bf123359d03963b1df1011fb8560aaf1c5e811de775dce1d8a53758a69102

    • SHA512

      586bf326eae890379fcc7ad60e0a70384d069898aea46da32baf6bd60854df97b461019beaf17744ba3dfc0e70eb75970b977c30f035d296ae89763605d4ff6d

    • SSDEEP

      49152:cGNq7FBhpRWa3viMRIcDdxw6dXF3W1QrL1UDq3P8mlp4DOXUxm:cGejpRWafEkRW6OHmrZXt

    Score
    8/10
    discoverypersistencedefense_evasion

    • Drops file in Drivers directory

    • Sets service image path in registry

      persistence

    • Downloads MZ/PE file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

    • Target

      procexp64.exe

    • Size

      2.3MB

    • MD5

      dfeea73e421c76deb18d5ca0800dccf2

    • SHA1

      0497eba0b24d0f4500faad5ae96dbebab9c64608

    • SHA256

      8158dc0569972c10056f507cf9e72f4946600ce163c4c659a610480585cd4935

    • SHA512

      23ddc9f28314d4cf3b05d88b9e0b6fd69f9804f5e9c3f7703258ff2c5786721061321379fde53e21048d3c7cce1ff71e2872d48dcc580d059397fa0692335630

    • SSDEEP

      24576:KDdzFYrinOS7FJF3WJ/Et7/LSYUymq3PuPmjBp4Mjc7qWMWKEzy3J:KDdxw6dXF3W1QrL1UDq3P8mlp4DOZ

    Score
    8/10
    persistence

    • Drops file in Drivers directory

    • Sets service image path in registry

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral3behavioral4

    • Target

      procexp64a.exe

    • Size

      2.3MB

    • MD5

      1d55cfae27355963f91f998f1094f6bf

    • SHA1

      aaeb1984f127187e192c0b2ff5e6c9ff608f4388

    • SHA256

      0c5105877c4f67e97eef59faafc2bf687bdcbf600c8fe80901dda65f5b7daf57

    • SHA512

      f71ab8017c94a07545733ad45dd2ca7eff899b2746edaf3bbab2c6e509329b5eb660bdeeca8c0bb779f2ea82e2fc883b1f8dbcb67472a00f030bc269c823e04b

    • SSDEEP

      12288:eMPQvJ1R1R/AHw3bhauwNfFXnsoUnQ172wi2V9aq0SVJve5iOgmc6jIxHqJOixM6:5YXTofXOG9aqbTvIyb6jmHqJOi8yUR70

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks