Analysis

  • max time kernel
    120s
  • max time network
    112s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/10/2024, 08:18

General

  • Target

    8c074a50a582d89401af738650761c1335110124b29c7e507e459319a2f17fc3N.exe

  • Size

    729KB

  • MD5

    0274d0c3fba041672ba08a50d8da8c70

  • SHA1

    0e1863c7389bc22caab98503000b6c4ac46360ca

  • SHA256

    8c074a50a582d89401af738650761c1335110124b29c7e507e459319a2f17fc3

  • SHA512

    8d84078b678714bbdb92932d7abda82a50eee86caae74fb7f1e435f4907e06e20d8bb60d71dc244a434afe4dea057eecc14ce8302e2d234d1df54569a6d6fae1

  • SSDEEP

    12288:8Db/rbpa6Fddy43eiUMSYjlpXS6zVFqsEVDVj+ek1PxXHqyq+Sb2zQnmvvoe:8bbpa6FXyiUea6zNEVDV6eAxXKyq3aVV

Malware Config

Signatures

  • Manipulates Digital Signatures 1 TTPs 1 IoCs

    Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Network Share Discovery 1 TTPs

    Attempts to gather information on the host network.

  • Drops file in System32 directory 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8c074a50a582d89401af738650761c1335110124b29c7e507e459319a2f17fc3N.exe
    "C:\Users\Admin\AppData\Local\Temp\8c074a50a582d89401af738650761c1335110124b29c7e507e459319a2f17fc3N.exe"
    1⤵
    • Manipulates Digital Signatures
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2024
    • \??\c:\windows\temp\clientbarviow.exe
      c:\windows\temp\clientbarviow.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:452
      • C:\Windows\SysWOW64\net.exe
        net stop sharedaccess
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:324
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 stop sharedaccess
          4⤵
          • System Location Discovery: System Language Discovery
          PID:4572

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Windows\Temp\clientbarviow.exe

          Filesize

          9KB

          MD5

          7e9c40b02c42cd151bb63e019ca4c798

          SHA1

          3eedef98d5846e548ccd842a965e14cdfcaf9c45

          SHA256

          7f6953343d87820f5a22c04e51fe5c652acfb8c459f808e85dbdf5e35e45893d

          SHA512

          0aad3a89ed48551c7b7065bb6e40350ed3e8c8f0bd6976b321daa4c4fa35086a3b29d8ca58ea038156ce5f00e76d6640f99f752d044688a8ab501a6e8391659b

        • C:\Windows\Temp\md5.htm

          Filesize

          6KB

          MD5

          3b6ce9bf02eb7b7842d46e59c9950054

          SHA1

          466879d445e04eb7c7158e41eb17a5bfde94c8ec

          SHA256

          bdb80af9d49bd41dee5f7d7a28c86257663331795a2a154e104a65cf0c22f9af

          SHA512

          d4aced2272c43e906639cf439d1be5afbab539afa1b265c7e38aab4e548179badc9cf346f99a85ff5ce1b00d68ceb373307af408ee53bfee810bfb3806f4ab50

        • C:\Windows\Temp\minihook.dll

          Filesize

          16KB

          MD5

          dc496987d75b5e592112605a2dbd8532

          SHA1

          758513f98b8765aa17219c5c4a9afd177dee2832

          SHA256

          e07e564b08899a594905bd503090321754df7c1c01acedc91bc3853c41c716dd

          SHA512

          f2949ab15b83f7448619e7b6adead063bd2d1a616249f3bc22c200133303b49d8541b53418ae993770070cd9576abf34237d21f8441b693c8d35c6107066d7f8

        • memory/452-13-0x0000000000400000-0x0000000000404000-memory.dmp

          Filesize

          16KB

        • memory/452-36-0x0000000000400000-0x0000000000404000-memory.dmp

          Filesize

          16KB

        • memory/2024-0-0x0000000000400000-0x00000000005C0000-memory.dmp

          Filesize

          1.8MB

        • memory/2024-15-0x0000000000400000-0x00000000005C0000-memory.dmp

          Filesize

          1.8MB

        • memory/2024-17-0x0000000010000000-0x0000000010008000-memory.dmp

          Filesize

          32KB

        • memory/2024-21-0x0000000010000000-0x0000000010008000-memory.dmp

          Filesize

          32KB

        • memory/2024-20-0x0000000010002000-0x0000000010003000-memory.dmp

          Filesize

          4KB

        • memory/2024-30-0x0000000000400000-0x00000000005C0000-memory.dmp

          Filesize

          1.8MB