8214092a5d5bfec1970634f891189e43b5aa9033ffc31d05f02d7730cc0a54b6

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 03:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Flexer.exe
Size

10.5MB
MD5

b42b429b19e7b4b490ab8b29fb0fc56e
SHA1

e60d12e74eedcda0e405e7251972e1d2848c668d
SHA256

8214092a5d5bfec1970634f891189e43b5aa9033ffc31d05f02d7730cc0a54b6
SHA512

4119edff832f83ce291b9aa0e0f8bec0ee74955f7fbd139d096d06554a27a03003d2ff81fb8c201e24d0f52b1da4d7f2931a5373ea8f9933a4c6321daa8209f1
SSDEEP

196608:/VamWiW6Nhi+raH1xq6kRZOdDw4jblkO/A12S1xIB8Ld7CD:9aglqE6kPOttjblky0IGd7O

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2852	main.exe

Loads dropped DLL 2 IoCs

pid	Process
2168	Flexer.exe
2852	main.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2720	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2720	AUDIODG.EXE
Token: 33	2720	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2720	AUDIODG.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 2852	2168	Flexer.exe	32
PID 2168 wrote to memory of 2852	2168	Flexer.exe	32
PID 2168 wrote to memory of 2852	2168	Flexer.exe	32

C:\Users\Admin\AppData\Local\Temp\Flexer.exe
"C:\Users\Admin\AppData\Local\Temp\Flexer.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Users\Admin\AppData\Local\Temp\onefile_2168_133765467675526000\main.exe
  C:\Users\Admin\AppData\Local\Temp\Flexer.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2852

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2884

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2168_133765467675526000\python312.dll

Filesize
6.6MB

MD5
b243d61f4248909bc721674d70a633de

SHA1
1d2fb44b29c4ac3cfd5a7437038a0c541fce82fc

SHA256
93488fa7e631cc0a2bd808b9eee8617280ee9b6ff499ab424a1a1cbf24d77dc7

SHA512
10460c443c7b9a6d7e39ad6e2421b8ca4d8329f1c4a0ff5b71ce73352d2e9438d45f7d59edb13ce30fad3b4f260bd843f4d9b48522d448310d43e0988e075fcb

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2168_133765467675526000\main.exe

Filesize
13.4MB

MD5
67c8d6f6010a18d0630406e3896110fa

SHA1
f93df6190bf5cdc93ad44f57e2f3fb113c230057

SHA256
df53755b8c372d515942378d8fabaf0583b9a81fe912bed99602aa9622a96a2c

SHA512
f1bbf104d7c2aa1fb5d530c1c6e39599639308b58cdf9b6ba86fab38be584e04eac75fc75c4a7b0bc3052766fbc1c05dde1eb23e7d7fa2cbc5f6b6605b722dba

Download Submit