Overview

overview

10

Static

static

10

Tear.exe

windows7-x64

10

adochi.exe

windows7-x64

7

autoit.exe

windows7-x64

10

autoit2.exe

windows7-x64

10

autoit3.exe

windows7-x64

10

deviation.exe

windows7-x64

8

encoder.exe

windows7-x64

10

encoder2.exe

windows7-x64

9

encoder3.exe

windows7-x64

10

encoder4.exe

windows7-x64

5

encoder5.exe

windows7-x64

10

erebus.exe

windows7-x64

9

myxaha.exe

windows7-x64

7

$LOCALAPPD...er.exe

windows7-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows7-x64

7

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...om.dll

windows7-x64

5

trucry.exe

windows7-x64

10

wlock.exe

windows7-x64

3

wlock2.exe

windows7-x64

8

Analysis

  • max time kernel
    122s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    20-11-2024 00:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    autoit.exe

  • Size

    755KB

  • MD5

    8a94444f516ae796c6a9b95182b537de

  • SHA1

    3f7dc2fb25ab8a493bb64a957df89a7ac45337fc

  • SHA256

    fd37685a99f5016d6537ce588e39d16ad8079d5ea7194f6cd4a0adff1cfa81b4

  • SHA512

    b50318f529726469e440e4d12e5a33c2a3afc3cbd30f7a899a168e18c95dafe152c34dfe8df6d44d2d1a1dd1380bced5e29eafe3a2ad85c281067c66761c0536

  • SSDEEP

    12288:/hkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aIbd2IMxIfQdCli:FRmJkcoQricOIQxiZY1iaIpIxBb

Score
10/10
discoveryevasionpersistencetrojan

Malware Config

Signatures

  • UAC bypass 3 TTPs 4 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System policy modification 1 TTPs 5 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\autoit.exe
    "C:\Users\Admin\AppData\Local\Temp\autoit.exe"
    1⤵
    • UAC bypass
    • Adds Run key to start application
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • System policy modification
    PID:2380

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads