Overview

overview

10

Static

static

10

VSNKLGuzoF...2).exe

windows7-x64

3

VSNKLGuzoF...2).exe

windows10-2004-x64

3

VSNKLGuzoF...5w.exe

windows7-x64

3

VSNKLGuzoF...5w.exe

windows10-2004-x64

3

VideoCodeCX.exe

windows7-x64

10

VideoCodeCX.exe

windows10-2004-x64

10

WcsPlugInS...ex.exe

windows7-x64

5

WcsPlugInS...ex.exe

windows10-2004-x64

7

WinLocker Builder.exe

windows7-x64

5

WinLocker Builder.exe

windows10-2004-x64

5

WinLocker_Builder.exe

windows7-x64

5

WinLocker_Builder.exe

windows10-2004-x64

5

_003E0000.exe.vir.exe

windows7-x64

9

_003E0000.exe.vir.exe

windows10-2004-x64

7

vmem02.exe

windows7-x64

3

vmem02.exe

windows10-2004-x64

3

w8i9eHkHOwWwQlX.exe

windows7-x64

3

w8i9eHkHOwWwQlX.exe

windows10-2004-x64

3

wpbt0.exe

windows7-x64

10

wpbt0.exe

windows10-2004-x64

10

xpiofrbtkzhr.exe

windows7-x64

xpiofrbtkzhr.exe

windows10-2004-x64

xxx_video (2).exe

windows7-x64

7

xxx_video (2).exe

windows10-2004-x64

7

xxx_video.exe

windows7-x64

5

xxx_video.exe

windows10-2004-x64

5

xxx_video_...vi.exe

windows7-x64

10

xxx_video_...vi.exe

windows10-2004-x64

5

xxx_video_...ir.exe

windows7-x64

10

xxx_video_...ir.exe

windows10-2004-x64

5

xxx_video_...ir.exe

windows7-x64

10

xxx_video_...ir.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-11-2024 03:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WcsPlugInService.ex.exe

  • Size

    113KB

  • MD5

    f9a974c8ed6793c226101c10af7542db

  • SHA1

    5719e5b45721af9ac9652332f2001d984e1d9a45

  • SHA256

    8f0c20eab317c9416ad6dd602013528dca8ee1467b111019fe6704ff8da6a241

  • SHA512

    1f00ca5c9fdb1ca8fe6d9b9728da6b3aac57b72e17e528ec37e77cdf6ae1cd52384b0ae8256e2f74f88ba87c9e90c575a0a8ebf729f894590fe71d5e6ce608d3

  • SSDEEP

    3072:pxuZMpyk7A79E6rdAXpRCxv/sqJ5SjTOaiZl7ObWlx+T:pYf79JAXKxHs0S3OaiZ1Oiv

Score
7/10
discoverypersistenceupx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Blocklisted process makes network request 40 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WcsPlugInService.ex.exe
    "C:\Users\Admin\AppData\Local\Temp\WcsPlugInService.ex.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:4676
    • C:\Windows\SysWOW64\msiexec.exe
      "C:\Windows\SysWOW64\msiexec.exe"
      2⤵
      • Deletes itself
      • Adds Run key to start application
      • Blocklisted process makes network request
      • System Location Discovery: System Language Discovery
      PID:3004

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft Synchronization Services\SysFxUI.mui
    Filesize

    25KB

    MD5

    a07295962a5d43fa11c8bab7971b0b06

    SHA1

    9721abcb3bb245c1e4707e618658af0381161e91

    SHA256

    75825606662d3805cce161d3c6f932daed1fc08bf76445d053cf0c82c5f043fa

    SHA512

    fe37383067704a6e5043c5d0ea32a36f4867fda50f6650fc2dcaf85f1d16be84cbfe0fcb93fc45e4098d8b25a100848aa3d04726fea55d6efaa7f8093745ad43

    Download Submit

  • C:\Users\Admin\AppData\Roaming\53097
    Filesize

    116B

    MD5

    f4d91ef9a7aae74391696cded3ac938d

    SHA1

    e13c2c188937cd43abd1ab96d78dbc0178f6de06

    SHA256

    461a6829b9d22277f4c9ad242f5c7d8355139b0b3555196648ab97e8b7162929

    SHA512

    4b205c9a837ca538139f31f20d18a8d3e129d592a1e713dbfa36673409bdbf4deddb4fd7592e5097f25249667311c188406e29fb2edd1e4baddc7515d7c85f66

    Download Submit

  • memory/3004-19-0x0000000000E30000-0x0000000000E46000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3004-12-0x00000000001C0000-0x00000000001D2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3004-14-0x00000000001C0000-0x00000000001D2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3004-16-0x00000000001C0000-0x00000000001D2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3004-17-0x0000000000E30000-0x0000000000E46000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3004-33-0x0000000001020000-0x0000000001029000-memory.dmp

    Filesize

    36KB

    Download

  • memory/3004-46-0x0000000001020000-0x0000000001029000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4676-8-0x0000000000DE0000-0x0000000000DF5000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4676-11-0x0000000000E00000-0x0000000000E39000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4676-0-0x0000000000E00000-0x0000000000E39000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4676-2-0x0000000000DE0000-0x0000000000DF5000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4676-1-0x0000000002840000-0x0000000002859000-memory.dmp

    Filesize

    100KB

    Download