Overview

overview

7

Static

static

3

Noxic.exe

windows7-x64

Noxic.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    61s
  • max time network
    74s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    01-11-2024 17:48

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    Noxic.exe

  • Size

    97.1MB

  • MD5

    3a74f44c697eab7f7d4be6f8f45f2fa3

  • SHA1

    9911e33b3db1ffe049f56ee1d5af12c189a02c3a

  • SHA256

    d317c6c038ca4e934f981c1c37d3d47b891249b10c7ce3e24d6ad3306a9a36dc

  • SHA512

    1e047418c6249363674612892389919971e722e8ac5c29bf365c4d41404aba9c2dbf9c76bb7c486da95f09883550d7d7fa24e631a9c91a9d02752e2133fb708a

  • SSDEEP

    3145728:Ch2VRVK8iQnLWFQM3K7f7+O5cjdsJIHxabE1:Ch2vVBf6R3Wf7+6ikS3

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 9 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Noxic.exe
    "C:\Users\Admin\AppData\Local\Temp\Noxic.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2804
    • C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe
      "C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2248
  • C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe
    "C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    PID:1248
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:776
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x560
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:812
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:2188

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • \Users\Admin\AppData\Roaming\Noxic\ffmpeg.dll
        Filesize

        2.7MB

        MD5

        d57dd69a4d084427ea5eef777de66f68

        SHA1

        cacb8e06a475b2125708ae70153aa1ca525177b0

        SHA256

        858612d51120907bede6782a6f13a5f0b391d11ed9a35af0647126831d9843b4

        SHA512

        517637325aff7416e16e25f33b491025e8791e71ae3df76effc6b2910e9e651604f856d2ad6058ceee13e87a7e0e33c0c572388e76a64f902be88f175a51973a

        Download Submit

      • memory/2804-0-0x00000000001E0000-0x00000000001E1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2804-10-0x00000000001E0000-0x00000000001E1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2804-9-0x0000000000400000-0x0000000000708000-memory.dmp

        Filesize

        3.0MB

        Download

      • memory/2804-139-0x0000000000400000-0x0000000000708000-memory.dmp

        Filesize

        3.0MB

        Download

      • memory/2804-203-0x0000000000400000-0x0000000000708000-memory.dmp

        Filesize

        3.0MB

        Download