Overview

overview

10

Static

static

6

516874.exe

windows7-x64

7

5479329c03...a2.exe

windows7-x64

10

54ab323053...1f.exe

windows7-x64

9

5600.exe

windows7-x64

6

56a9736b82...7a.exe

windows7-x64

10

59ddf36a9e...ws.dll

windows7-x64

10

5C53687F73...ViR.js

windows7-x64

3

5bfae47c9f..._2.dll

windows7-x64

1

5c6416f819...be.exe

windows7-x64

1

5f1fcdfb95...1c.exe

windows7-x64

10

5fc9230812...e9.exe

windows7-x64

9

61318fa1f1...5F.exe

windows7-x64

7

61318fa1f1...5B.exe

windows7-x64

7

6184f1def4...ss.exe

windows7-x64

7

61bc10e8ed...3e.exe

windows7-x64

7

6217ea6bb8...f5.apk

windows7-x64

3

62ebcfeeff...C3.exe

windows7-x64

7

62ebcfeeff...BB.exe

windows7-x64

7

647f242.exe.vir.exe

windows7-x64

9

64bfea1efc...99.exe

windows7-x64

9

64f540a7c6...B3.exe

windows7-x64

7

64f540a7c6...77.exe

windows7-x64

7

6916a006c4...9a.exe

windows7-x64

7

69ee634973...df.exe

windows7-x64

6f772eb660...bc.exe

windows7-x64

7

7077437251...e9.exe

windows7-x64

1

7175d6bb11...2b.exe

windows7-x64

9

728733095f...on.dll

windows7-x64

8

73c3d88d0d...5F.exe

windows7-x64

7

73c3d88d0d...BF.exe

windows7-x64

7

74add6536c...ef.exe

windows7-x64

10

757a661bcc...d8.exe

windows7-x64

7

Analysis

  • max time kernel
    1173s
  • max time network
    1174s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22-11-2024 02:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5479329c03e12e27adc81caeefe1a1dc26bf59d4dac36dd2eae008213e8fe0a2.exe

  • Size

    152KB

  • MD5

    7469c1ee0827a289fa775f4a5656e5f9

  • SHA1

    0392ccbd6b894cbc10e325801ddd1220b22bff13

  • SHA256

    5479329c03e12e27adc81caeefe1a1dc26bf59d4dac36dd2eae008213e8fe0a2

  • SHA512

    24723a6de103c8d1a97bb70bc46fd3e1b34127337d25b655586e8763d4ca03b93267851cefeed0daff9b05d579b68f517f10c346cff1e4559b4ef2cf6c12be85

  • SSDEEP

    3072:7IynAd9u9GuIPmsy/FMd/rUCvb87SwoYQp:7IKgUGuGmXivbsKY

Score
10/10
discoveryevasionpersistencetrojan

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Disables taskbar notifications via registry modification
    evasion
  • Deletes itself 1 IoCs
  • Blocklisted process makes network request 64 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious behavior: MapViewOfSection 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5479329c03e12e27adc81caeefe1a1dc26bf59d4dac36dd2eae008213e8fe0a2.exe
    "C:\Users\Admin\AppData\Local\Temp\5479329c03e12e27adc81caeefe1a1dc26bf59d4dac36dd2eae008213e8fe0a2.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2516
    • C:\Users\Admin\AppData\Local\Temp\5479329c03e12e27adc81caeefe1a1dc26bf59d4dac36dd2eae008213e8fe0a2.exe
      C:\Users\Admin\AppData\Local\Temp\5479329c03e12e27adc81caeefe1a1dc26bf59d4dac36dd2eae008213e8fe0a2.exe
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:1292
      • C:\Windows\SysWOW64\msiexec.exe
        "C:\Windows\system32\msiexec.exe"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2448
      • C:\Windows\SysWOW64\msiexec.exe
        "C:\Windows\system32\msiexec.exe"
        3⤵
        • Modifies visiblity of hidden/system files in Explorer
        • UAC bypass
        • Adds policy Run key to start application
        • Deletes itself
        • Blocklisted process makes network request
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2836

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1292-4-0x0000000000400000-0x0000000000720000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1292-1-0x0000000000300000-0x0000000000400000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1292-12-0x0000000000400000-0x0000000000720000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1292-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1292-8-0x0000000000400000-0x0000000000720000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1292-6-0x0000000000400000-0x0000000000720000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1292-9-0x0000000000400000-0x0000000000720000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1292-2-0x0000000000400000-0x0000000000720000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1292-13-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2448-14-0x0000000000F10000-0x0000000000F24000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2448-15-0x0000000000F10000-0x0000000000F24000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2448-17-0x0000000000F10000-0x0000000000F24000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2516-0-0x00000000003B0000-0x00000000003B5000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2836-31-0x00000000000D0000-0x00000000000D8000-memory.dmp

    Filesize

    32KB

    Download