Overview

overview

10

Static

static

10

0c5b00311b...5e.exe

windows10-2004-x64

7

1618780b85...13.vbs

windows7-x64

8

1618780b85...13.vbs

windows10-2004-x64

8

31d2bac123...c0.exe

windows7-x64

10

31d2bac123...c0.exe

windows10-2004-x64

10

3e0a6e80d4...1c.xls

windows7-x64

3

3e0a6e80d4...1c.xls

windows10-2004-x64

1

5489a717a2...f8.exe

windows7-x64

10

5489a717a2...f8.exe

windows10-2004-x64

10

63f2e49bd1...c6.msi

windows7-x64

10

63f2e49bd1...c6.msi

windows10-2004-x64

10

719d53c106...d2.exe

windows7-x64

10

719d53c106...d2.exe

windows10-2004-x64

10

8411add8ba...e8.dll

windows7-x64

1

8411add8ba...e8.dll

windows10-2004-x64

1

88b0765750...b0.exe

windows7-x64

10

88b0765750...b0.exe

windows10-2004-x64

10

9cb1756afd...71.exe

windows7-x64

3

9cb1756afd...71.exe

windows10-2004-x64

3

REP_894198...17.doc

windows7-x64

10

REP_894198...17.doc

windows10-2004-x64

10

d472c89510...54.xls

windows7-x64

3

d472c89510...54.xls

windows10-2004-x64

1

dcc72f90c1...21.exe

windows7-x64

10

dcc72f90c1...21.exe

windows10-2004-x64

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-12-2024 16:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    31d2bac123d451caed79ced03b80592dacc3499f6c91a9e32630d3590d52a6c0.exe

  • Size

    7.9MB

  • MD5

    0396163369529cd5b010e3c35a2066c5

  • SHA1

    c3f58efd6dc957d0baf6eb71e0f6539e5eb3d596

  • SHA256

    31d2bac123d451caed79ced03b80592dacc3499f6c91a9e32630d3590d52a6c0

  • SHA512

    6805f80c0979432ff1e3adfed34fd8a30d8a79b839796dc94329b409892e4a5809df9728158dc782c78417badabbf20a058949814b37fc4f99a53c293d68e968

  • SSDEEP

    196608:dhd3YhVbbGfzH8dFXKH3ARHMjDB5braO5F5KMA7z0fCnIRBR:dnYTbuzH8dFaHfjVxronSCIPR

Score
10/10
socks5systemzbotnetdiscovery

Malware Config

Signatures

  • Detect Socks5Systemz Payload 3 IoCs
  • Socks5Systemz

    Socks5Systemz is a botnet written in C++.

    botnetsocks5systemz
  • Socks5systemz family
    socks5systemz
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\31d2bac123d451caed79ced03b80592dacc3499f6c91a9e32630d3590d52a6c0.exe
    "C:\Users\Admin\AppData\Local\Temp\31d2bac123d451caed79ced03b80592dacc3499f6c91a9e32630d3590d52a6c0.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3348
    • C:\Users\Admin\AppData\Local\Temp\is-REC3U.tmp\31d2bac123d451caed79ced03b80592dacc3499f6c91a9e32630d3590d52a6c0.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-REC3U.tmp\31d2bac123d451caed79ced03b80592dacc3499f6c91a9e32630d3590d52a6c0.tmp" /SL5="$70166,8045603,54272,C:\Users\Admin\AppData\Local\Temp\31d2bac123d451caed79ced03b80592dacc3499f6c91a9e32630d3590d52a6c0.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:3064
      • C:\Users\Admin\AppData\Local\Zexter Video Codec\zextervideocodec32_64.exe
        "C:\Users\Admin\AppData\Local\Zexter Video Codec\zextervideocodec32_64.exe" -i
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:1628

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-LJOIH.tmp\_isetup\_iscrypt.dll
    Filesize

    2KB

    MD5

    a69559718ab506675e907fe49deb71e9

    SHA1

    bc8f404ffdb1960b50c12ff9413c893b56f2e36f

    SHA256

    2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

    SHA512

    e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-LJOIH.tmp\_isetup\_isdecmp.dll
    Filesize

    13KB

    MD5

    a813d18268affd4763dde940246dc7e5

    SHA1

    c7366e1fd925c17cc6068001bd38eaef5b42852f

    SHA256

    e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64

    SHA512

    b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-REC3U.tmp\31d2bac123d451caed79ced03b80592dacc3499f6c91a9e32630d3590d52a6c0.tmp
    Filesize

    692KB

    MD5

    16c9d19ab32c18671706cefee19b6949

    SHA1

    fca23338cb77068e1937df4e59d9c963c5548cf8

    SHA256

    c1769524411682d5a204c8a40f983123c67efeadb721160e42d7bbfe4531eb70

    SHA512

    32b4b0b2fb56a299046ec26fb41569491e8b0cd2f8bec9d57ec0d1ad1a7860eec72044dab2d5044cb452ed46e9f21513eab2171bafa9087af6d2de296455c64b

    Download Submit

  • C:\Users\Admin\AppData\Local\Zexter Video Codec\zextervideocodec32_64.exe
    Filesize

    2.5MB

    MD5

    4ac9b0be70b6e01bfd47ffa47289ded7

    SHA1

    a8e99f68a9dea6f3c0a0767c4341716236d366e9

    SHA256

    a241c183e38754017f08936a0c6e71588eacafc44c656110c071032f5b6fd159

    SHA512

    ba22f267944cb8fcb8729e99e62db7ef27eaf38c2c613cd6c4106250eaabec4546b387f465330410b006535b4dd9226fbda12c22d6ec29795fc296c82e9c52a8

    Download Submit

  • memory/1628-181-0x0000000000400000-0x000000000067E000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1628-209-0x0000000000400000-0x000000000067E000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1628-227-0x0000000000400000-0x000000000067E000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1628-170-0x0000000000400000-0x000000000067E000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1628-171-0x0000000000400000-0x000000000067E000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1628-173-0x0000000000400000-0x000000000067E000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1628-224-0x0000000000400000-0x000000000067E000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1628-219-0x0000000000970000-0x0000000000A12000-memory.dmp

    Filesize

    648KB

    Download

  • memory/1628-177-0x0000000000400000-0x000000000067E000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1628-178-0x0000000000400000-0x000000000067E000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1628-220-0x0000000000970000-0x0000000000A12000-memory.dmp

    Filesize

    648KB

    Download

  • memory/1628-184-0x0000000000400000-0x000000000067E000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1628-187-0x0000000000400000-0x000000000067E000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1628-190-0x0000000000400000-0x000000000067E000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1628-194-0x0000000000970000-0x0000000000A12000-memory.dmp

    Filesize

    648KB

    Download

  • memory/1628-195-0x0000000000400000-0x000000000067E000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1628-202-0x0000000000400000-0x000000000067E000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1628-205-0x0000000000400000-0x000000000067E000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1628-206-0x0000000000400000-0x000000000067E000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1628-218-0x0000000000400000-0x000000000067E000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1628-212-0x0000000000400000-0x000000000067E000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1628-215-0x0000000000400000-0x000000000067E000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3064-8-0x0000000000400000-0x00000000004BD000-memory.dmp

    Filesize

    756KB

    Download

  • memory/3064-174-0x0000000000400000-0x00000000004BD000-memory.dmp

    Filesize

    756KB

    Download

  • memory/3348-0-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3348-175-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3348-2-0x0000000000401000-0x000000000040B000-memory.dmp

    Filesize

    40KB

    Download