Overview

overview

7

Static

static

5

malware.exe

windows7-x64

3

malware.exe

windows10-2004-x64

3

malware.exe

windows7-x64

5

malware.exe

windows10-2004-x64

5

malware.exe

windows7-x64

7

malware.exe

windows10-2004-x64

7

malware.exe

windows7-x64

5

malware.exe

windows10-2004-x64

5

malware.exe

windows7-x64

7

malware.exe

windows10-2004-x64

7

malware.exe

windows7-x64

5

malware.exe

windows10-2004-x64

5

malware.exe

windows7-x64

3

malware.exe

windows10-2004-x64

3

malware.exe

windows7-x64

7

malware.exe

windows10-2004-x64

7

malware.exe

windows7-x64

7

malware.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    06/10/2024, 08:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    malware.exe

  • Size

    147KB

  • MD5

    cefbe57fb29cbd911b28e1d9a8918ab0

  • SHA1

    c0c93f1afc0985fda540f8292f323d40f00c3198

  • SHA256

    9e72e4553bb8d724c3b625ece13632f26f1e9bebdad61ffeeb38ea5fab14b118

  • SHA512

    97ec327558d8c9a2551db02cd81cd4354d0831925f7e193b5036d21a601f764a48cffca05d59bf329d7fdea7c66e1c53eb00bcb30d6fe95dcc6bf74ab2806f20

  • SSDEEP

    3072:vCgR4N2ApH77yU06Y0a+rkaOQ7n4EXhMpe:6gR4NT0Z0aZah7n/hME

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\wininit.exe
    wininit.exe
    1⤵
      PID:380
      • C:\Windows\system32\services.exe
        C:\Windows\system32\services.exe
        2⤵
          PID:472
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k DcomLaunch
            3⤵
              PID:588
              • C:\Windows\system32\DllHost.exe
                C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                4⤵
                  PID:1176
              • C:\Windows\system32\svchost.exe
                C:\Windows\system32\svchost.exe -k RPCSS
                3⤵
                  PID:664
                • C:\Windows\System32\svchost.exe
                  C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                  3⤵
                    PID:732
                  • C:\Windows\System32\svchost.exe
                    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                    3⤵
                      PID:808
                      • C:\Windows\system32\Dwm.exe
                        "C:\Windows\system32\Dwm.exe"
                        4⤵
                          PID:1156
                      • C:\Windows\system32\svchost.exe
                        C:\Windows\system32\svchost.exe -k netsvcs
                        3⤵
                          PID:848
                        • C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe -k LocalService
                          3⤵
                            PID:956
                          • C:\Windows\system32\svchost.exe
                            C:\Windows\system32\svchost.exe -k NetworkService
                            3⤵
                              PID:1020
                            • C:\Windows\System32\spoolsv.exe
                              C:\Windows\System32\spoolsv.exe
                              3⤵
                                PID:1008
                              • C:\Windows\system32\svchost.exe
                                C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                                3⤵
                                  PID:1044
                                • C:\Windows\system32\taskhost.exe
                                  "taskhost.exe"
                                  3⤵
                                    PID:1104
                                  • C:\Windows\system32\svchost.exe
                                    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                                    3⤵
                                      PID:1472
                                    • C:\Windows\system32\sppsvc.exe
                                      C:\Windows\system32\sppsvc.exe
                                      3⤵
                                        PID:2116
                                    • C:\Windows\system32\lsass.exe
                                      C:\Windows\system32\lsass.exe
                                      2⤵
                                        PID:488
                                      • C:\Windows\system32\lsm.exe
                                        C:\Windows\system32\lsm.exe
                                        2⤵
                                          PID:496
                                      • C:\Windows\system32\winlogon.exe
                                        winlogon.exe
                                        1⤵
                                          PID:428
                                        • C:\Windows\Explorer.EXE
                                          C:\Windows\Explorer.EXE
                                          1⤵
                                            PID:1184
                                            • C:\Users\Admin\AppData\Local\Temp\malware.exe
                                              "C:\Users\Admin\AppData\Local\Temp\malware.exe"
                                              2⤵
                                              • Loads dropped DLL
                                              • System Location Discovery: System Language Discovery
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious use of AdjustPrivilegeToken
                                              • Suspicious use of WriteProcessMemory
                                              PID:2872
                                              • C:\cleansweep.exe\cleansweep.exe
                                                "C:\cleansweep.exe\cleansweep.exe"
                                                3⤵
                                                • Executes dropped EXE
                                                • Suspicious behavior: EnumeratesProcesses
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:11220

                                          Network

                                          MITRE ATT&CK Enterprise v15

                                          Replay Monitor

                                          Loading Replay Monitor...

                                          Downloads

                                          • C:\cleansweep.exe\cleansweep.exe
                                            Filesize

                                            147KB

                                            MD5

                                            cefbe57fb29cbd911b28e1d9a8918ab0

                                            SHA1

                                            c0c93f1afc0985fda540f8292f323d40f00c3198

                                            SHA256

                                            9e72e4553bb8d724c3b625ece13632f26f1e9bebdad61ffeeb38ea5fab14b118

                                            SHA512

                                            97ec327558d8c9a2551db02cd81cd4354d0831925f7e193b5036d21a601f764a48cffca05d59bf329d7fdea7c66e1c53eb00bcb30d6fe95dcc6bf74ab2806f20

                                            Download Submit

                                          • C:\cleansweep.exe\config.bin
                                            Filesize

                                            63KB

                                            MD5

                                            a86af2ad16375c1fa928ce549157167e

                                            SHA1

                                            f089083f99d873565ee133f167c3ef7d756bda28

                                            SHA256

                                            4102a155d2dc8be3dd74d592a714fc6c96a8d3fef809ad6c49aacb1ec70d09e1

                                            SHA512

                                            eacc47b9ca3e6cfd947393a6504f1878808e850c787a52b5b64a3c4ff33a40e569bb4a1b84508426adcf014368ddff92094b543f060d76edd1880ac7ee2ef49f

                                            Download Submit

                                          • memory/1184-28-0x000000000EA00000-0x000000000EA27000-memory.dmp

                                            Filesize

                                            156KB

                                            Download

                                          • memory/1184-34-0x000000000EA00000-0x000000000EA27000-memory.dmp

                                            Filesize

                                            156KB

                                            Download

                                          • memory/1184-58-0x000000000EA00000-0x000000000EA27000-memory.dmp

                                            Filesize

                                            156KB

                                            Download

                                          • memory/1184-55-0x000000000EA00000-0x000000000EA27000-memory.dmp

                                            Filesize

                                            156KB

                                            Download

                                          • memory/1184-52-0x000000000EA00000-0x000000000EA27000-memory.dmp

                                            Filesize

                                            156KB

                                            Download

                                          • memory/1184-49-0x000000000EA00000-0x000000000EA27000-memory.dmp

                                            Filesize

                                            156KB

                                            Download

                                          • memory/1184-43-0x000000000EA00000-0x000000000EA27000-memory.dmp

                                            Filesize

                                            156KB

                                            Download

                                          • memory/1184-22-0x000000000EA00000-0x000000000EA27000-memory.dmp

                                            Filesize

                                            156KB

                                            Download

                                          • memory/1184-25-0x000000000EA00000-0x000000000EA27000-memory.dmp

                                            Filesize

                                            156KB

                                            Download

                                          • memory/1184-31-0x000000000EA00000-0x000000000EA27000-memory.dmp

                                            Filesize

                                            156KB

                                            Download

                                          • memory/1184-61-0x000000000EA00000-0x000000000EA27000-memory.dmp

                                            Filesize

                                            156KB

                                            Download

                                          • memory/1184-40-0x000000000EA00000-0x000000000EA27000-memory.dmp

                                            Filesize

                                            156KB

                                            Download

                                          • memory/1184-37-0x000000000EA00000-0x000000000EA27000-memory.dmp

                                            Filesize

                                            156KB

                                            Download

                                          • memory/1184-19-0x000000000EA00000-0x000000000EA27000-memory.dmp

                                            Filesize

                                            156KB

                                            Download

                                          • memory/1184-16-0x000000000EA00000-0x000000000EA27000-memory.dmp

                                            Filesize

                                            156KB

                                            Download

                                          • memory/1184-13-0x000000000EA00000-0x000000000EA27000-memory.dmp

                                            Filesize

                                            156KB

                                            Download

                                          • memory/1184-9-0x000000000EA00000-0x000000000EA27000-memory.dmp

                                            Filesize

                                            156KB

                                            Download

                                          • memory/1184-46-0x000000000EA00000-0x000000000EA27000-memory.dmp

                                            Filesize

                                            156KB

                                            Download

                                          • memory/1184-6-0x000000000EA00000-0x000000000EA27000-memory.dmp

                                            Filesize

                                            156KB

                                            Download

                                          • memory/1184-3-0x000000000EA00000-0x000000000EA27000-memory.dmp

                                            Filesize

                                            156KB

                                            Download

                                          • memory/1184-0-0x000000000EA00000-0x000000000EA27000-memory.dmp

                                            Filesize

                                            156KB

                                            Download

                                          • memory/1184-65-0x000000000EA00000-0x000000000EA27000-memory.dmp

                                            Filesize

                                            156KB

                                            Download

                                          • memory/2872-10-0x0000000000401000-0x0000000000403000-memory.dmp

                                            Filesize

                                            8KB

                                            Download