Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03-11-2024 13:15

General

  • Target

    Siyanur lag hack- S.A latino/siyanur - Lag Hack.exe

  • Size

    777KB

  • MD5

    91c8a2597dfaa6acd74e3e36aad13795

  • SHA1

    6eecfee76e50c1386d5e2ace2d854b36e772f39e

  • SHA256

    6579041d87f55e77a82942f943ecee122555a40f0bc93be4614cf024b87f1cf1

  • SHA512

    bba3004e251eeeed049a656746fe3e915e46953f46078cefd18bb79a7dd04f81155f4396e3bb07ae99523ac4fa99386255e378eeee997550bc875004c7a1c7ab

  • SSDEEP

    24576:5naVMJ3TWq+OxymwoglBMazrEdr6kS3rJQBtUkBgJ:5amJjyOwmwoMFqrSinXBgJ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in System32 directory 8 IoCs
  • Drops file in Program Files directory 11 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 10 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Siyanur lag hack- S.A latino\siyanur - Lag Hack.exe
    "C:\Users\Admin\AppData\Local\Temp\Siyanur lag hack- S.A latino\siyanur - Lag Hack.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:5108
    • C:\Users\Admin\AppData\Local\Temp\is-JFG64.tmp\siyanur - Lag Hack.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-JFG64.tmp\siyanur - Lag Hack.tmp" /SL5="$501D4,552640,54272,C:\Users\Admin\AppData\Local\Temp\Siyanur lag hack- S.A latino\siyanur - Lag Hack.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4484
      • C:\Program Files\Siyanur\snetcfg.exe
        "C:\Program Files\Siyanur\snetcfg.exe" -v -l spfdrv.inf -m spfdrv_m.inf -c s -i nt_spfdrv
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        PID:316
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
    1⤵
    • Drops file in Windows directory
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3956
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{aacee30a-6942-3a43-ae4a-ccb0eeabe850}\spfdrv.inf" "9" "4e2cd0677" "0000000000000154" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files\Siyanur"
      2⤵
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:3136

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files\Siyanur\siyanur.exe

    Filesize

    36KB

    MD5

    20c4cd6e8536974333b42b87670edc72

    SHA1

    367ba1d78d578c5d76b2ab610ed0a74b4d43b958

    SHA256

    853c150960d267159a5b35692c66cabfb84a07ccd928ad3c7abd355f1c7751ff

    SHA512

    39493bb0f8c12f350ae8b3d3126becd15d143a4d7d8331254d28f43a5b9637058ca0e2472331c0198d7b78229d7b5eedfdc6d1feca41d843410e020e4fc4db5a

  • C:\Program Files\Siyanur\snetcfg.exe

    Filesize

    15KB

    MD5

    69caec3264ee2470fbe9f931e46c9004

    SHA1

    0abb876471eb403017044672ae7b2fa7307692e5

    SHA256

    5143a5aae6bfe37c36189536f759e66134525bbc5803683fc779fe8a1249ec91

    SHA512

    8cf034314bf389754545663ea4d174fbc9516239a55b580bdb063c17d8eb90e76664582a5823f3df0429e34efae90f8ddd3d1649c3b484f2082474bbf3144125

  • C:\Program Files\Siyanur\spfdrv.inf

    Filesize

    3KB

    MD5

    9fc9d155a31cc6fca37ce89ab8a28728

    SHA1

    86a54d8184911b8f5f4527513aeb848e3345c163

    SHA256

    0aa3404756bc22158550e3c06fb9cf70067f13079fd93cd21eb4cdc40246d06e

    SHA512

    de7590d9c263c99f97941b0dc86e4e7a2a68f9f8a044e2fed00da51b2e9ec626dc8b4d065f9a6295f146e41764df96ac082d57c94474ae374d1adbceb56ea983

  • C:\Program Files\Siyanur\spfdrv_m.inf

    Filesize

    1KB

    MD5

    0c9085a0198e8fd9630090021fd8245e

    SHA1

    6b2c9525d523c63c3ad8652a2d11987ac4ab45f2

    SHA256

    b73dd49de4d1520fc3c643f4ab1d0690f6ef55aef0745011a885a8a96a3cb2c9

    SHA512

    db71ede9cbac890b3e3e8f5f78300d56a5738ae6e06a0b2fa802c3f3065db3043cc98330c4ea418f65d8c0d6ebbf7ad0e11830b28d18b36e60fc47ddce950c58

  • C:\Users\Admin\AppData\Local\Temp\is-JFG64.tmp\siyanur - Lag Hack.tmp

    Filesize

    688KB

    MD5

    c765336f0dcf4efdcc2101eed67cd30c

    SHA1

    fa0279f59738c5aa3b6b20106e109ccd77f895a7

    SHA256

    c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28

    SHA512

    06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

  • C:\Users\Admin\AppData\Local\Temp\{aacee30a-6942-3a43-ae4a-ccb0eeabe850}\spfdrv.sys

    Filesize

    31KB

    MD5

    0a0db26708469f3ade7dfcc5679be8f9

    SHA1

    5f75aca605e5c967d43cd74a490a57b3166865ae

    SHA256

    7799f60f6ebf7985a4c08a0185e93843f85ddea130f0c507a5b90c3f9b52e977

    SHA512

    5f5e12ea1d9c4b368f7f31d9128107ee07bea8b65da77a8a83e178d2e94b7a3e7c20eda7835db66ab40b7131e11c23bd9922f490041a4205cfb07b84f10061fd

  • memory/4484-12-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

  • memory/4484-16-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

  • memory/4484-14-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

  • memory/4484-79-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

  • memory/4484-83-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

  • memory/5108-13-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

  • memory/5108-0-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

  • memory/5108-2-0x0000000000401000-0x000000000040B000-memory.dmp

    Filesize

    40KB

  • memory/5108-84-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB