Analysis

  • max time kernel
    97s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/11/2024, 20:32

General

  • Target

    malware/loader1.exe

  • Size

    233KB

  • MD5

    b347d8b2e90e11981f6895be59b5f30c

  • SHA1

    fecff17fe981b71deaa00b7522833f2a9c3ffee7

  • SHA256

    10ccac80baa31a7a96f2b73fe158db6b699f27f9b89af9692a0ccc152802fb12

  • SHA512

    c812ea37eccc072a73ff4e1c81eb29b1b5ca2eda5a02c1fae2955cee49d0b770bfa7437e9f67ea15f39838d75c546da6a8359a616f537dd7ab785d0fbfcc617c

  • SSDEEP

    6144:HNeZmtzTH8yzLyIjNv3Sy+BsSuLagm4ZPvX/yMB6Z:HNltzTH8ULLjU1spaIPvLW

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\malware\loader1.exe
    "C:\Users\Admin\AppData\Local\Temp\malware\loader1.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4012
    • C:\Users\Admin\AppData\Local\Temp\dnjdbaa.exe
      C:\Users\Admin\AppData\Local\Temp\dnjdbaa.exe C:\Users\Admin\AppData\Local\Temp\ifurxc
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2592
      • C:\Users\Admin\AppData\Local\Temp\dnjdbaa.exe
        C:\Users\Admin\AppData\Local\Temp\dnjdbaa.exe C:\Users\Admin\AppData\Local\Temp\ifurxc
        3⤵
        PID:4932
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 556
        3⤵
        • Program crash
        PID:4068
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2592 -ip 2592
    1⤵
    PID:2832
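The process tree above, replayed as constructed process-creation and file-write events, with the checks behind three of the listed signatures written out: "Executes dropped EXE", "Program crash" (read from the WerFault.exe command lines) and the self-relaunch of dnjdbaa.exe (2592 starting 4932 with its own image and arguments) that accompanies the WriteProcessMemory hits. This is an added example, not part of the sandbox report or its tooling. The paths, PIDs and command lines are the report's own; the event layout, a `ppid` of 0 for processes whose parent the page does not show, and attributing the files listed under Downloads to the loader (PID 4012) as writer are assumptions.

```python
"""Replay of the process tree in the report above as constructed events.

Added example, not part of the sandbox report. Paths, PIDs and command lines
come from the report; the event layout, ppid 0 for parents the page does not
show, and the loader (4012) as writer of the dropped files are assumptions.
"""
from dataclasses import dataclass
import re

TEMP_DIR = r"C:\Users\Admin\AppData\Local\Temp"
WERFAULT = r"C:\Windows\SysWOW64\WerFault.exe"


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int  # 0 = parent not shown on the page (assumption)
    image: str
    cmdline: str


@dataclass(frozen=True)
class FileWrite:
    pid: int
    path: str


def _norm(path: str) -> str:
    """Windows paths are case-insensitive; compare quoted/unquoted forms alike."""
    return path.strip('"').lower()


def ancestry(procs, pid):
    """[pid, parent, grandparent, ...] until the chain leaves the tree."""
    table = {p.pid: p for p in procs}
    chain, seen = [], set()
    while pid in table and pid not in seen:
        seen.add(pid)
        chain.append(pid)
        pid = table[pid].ppid
    return chain


def dropped_exe_executions(procs, writes):
    """'Executes dropped EXE': the image was written earlier by an ancestor."""
    written_by = {}
    for w in writes:
        written_by.setdefault(_norm(w.path), set()).add(w.pid)
    return [p.pid for p in procs
            if written_by.get(_norm(p.image), set()) & set(ancestry(procs, p.pid)[1:])]


def self_relaunches(procs):
    """(parent, child) pairs where a process starts a fresh copy of its own image.
    Here 2592 -> 4932 (dnjdbaa.exe, same arguments). With the WriteProcessMemory
    signature on 2592 this is the child to dump first; the report alone does not
    say what was written into it."""
    table = {p.pid: p for p in procs}
    return [(p.ppid, p.pid) for p in procs
            if p.ppid in table and _norm(table[p.ppid].image) == _norm(p.image)]


_WER_PID = re.compile(r"(?:^|\s)-p\s+(\d+)")  # WerFault names the faulting pid with -p


def crashed_pids(procs):
    """'Program crash': collect the -p <pid> of every WerFault.exe invocation."""
    crashed = set()
    for p in procs:
        m = _WER_PID.search(p.cmdline) if _norm(p.image) == _norm(WERFAULT) else None
        if m:
            crashed.add(int(m.group(1)))
    return sorted(crashed)


def temp_executions(procs):
    """Processes whose image lives under the user's Temp directory."""
    prefix = _norm(TEMP_DIR) + "\\"
    return [p.pid for p in procs if _norm(p.image).startswith(prefix)]


# Constructed from the Processes section; ppid 0 marks parents the page omits.
PROCS = [
    ProcEvent(4012, 0, TEMP_DIR + r"\malware\loader1.exe",
              '"' + TEMP_DIR + r'\malware\loader1.exe"'),
    ProcEvent(2592, 4012, TEMP_DIR + r"\dnjdbaa.exe",
              TEMP_DIR + r"\dnjdbaa.exe " + TEMP_DIR + r"\ifurxc"),
    ProcEvent(4932, 2592, TEMP_DIR + r"\dnjdbaa.exe",
              TEMP_DIR + r"\dnjdbaa.exe " + TEMP_DIR + r"\ifurxc"),
    ProcEvent(4068, 2592, WERFAULT, WERFAULT + " -u -p 2592 -s 556"),
    ProcEvent(2832, 0, WERFAULT, WERFAULT + " -pss -s 408 -p 2592 -ip 2592"),
]
# Constructed: the files under Downloads, attributed to the loader as writer
# (assumption; the report lists the files but not which process wrote them).
WRITES = [FileWrite(4012, TEMP_DIR + name)
          for name in (r"\dnjdbaa.exe", r"\ifurxc", r"\u7f7s62srqfy")]

if __name__ == "__main__":
    print("dropped EXE executed by      :", dropped_exe_executions(PROCS, WRITES))
    print("self relaunch (parent, child):", self_relaunches(PROCS))
    print("crashed pids                 :", crashed_pids(PROCS))
    print("run from Temp                :", temp_executions(PROCS))
```

On real telemetry the same functions run over Sysmon event ID 1 (process create) and ID 11 (file create) records; the WerFault check is the cheap way to tell that the injected child (4932) survived while its parent (2592) died, which matches the "Program crash" signature and the 2592 memory dump listed below.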

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\dnjdbaa.exe
    Filesize: 3KB
    MD5: b17e11409b97808d802c27523541dcab
    SHA1: 0c880010d7d33b0f60ba731245d0b016387c8621
    SHA256: 47e37b53746d8769b8c78851a402fa40698c3fb7437c6f922df1de9053e4d366
    SHA512: ccc80355178322133ef878d42663eb583916598264b9f7039719ddac54fdccd1d7007d3414d35170de5ad61d4b4ecdd6cd8b26f48fc447e200a4e650c5c7504f

  • C:\Users\Admin\AppData\Local\Temp\ifurxc
    Filesize: 5KB
    MD5: 564404622cc45811094239bb48180520
    SHA1: 03550cbb37594de047ebf4937ace97b783c3abe1
    SHA256: c32e18df9ee36fb4f956d0a4c48bbf3d5a8bdb7b5a86c9bd729f3080876e5c4d
    SHA512: 48e64bed19c3152bcace0b9152701af0ed79c5beb17e6fd3154e12df12edd4b3ad75a037e349a6cb63383ba0ba0afbc276935d011d4298e6f0234d6aabb81e9b

  • C:\Users\Admin\AppData\Local\Temp\u7f7s62srqfy
    Filesize: 212KB
    MD5: e2ce09ee85297e044745003984203e44
    SHA1: 193813df25ccb863395e87e11984deeaae9e88ab
    SHA256: e8bc54273d1524f120ff7063806b6eabd5fe4651a2e94f3ff2bee6915d1d8de1
    SHA512: 0d18e7b6942ecd913968f7943634165762afde56a0b4ce22841d453fecd4eb9adf513fed3268c318c2500bfeadf05dd948a17e29eaed3bc13d202064564d4829

  • memory/2592-8-0x0000000000680000-0x0000000000682000-memory.dmp
    Filesize: 8KB