Overview
overview
10Static
static
10The-MALWAR...ug.exe
windows7-x64
The-MALWAR...le.exe
windows7-x64
3The-MALWAR...an.bat
windows7-x64
1The-MALWAR...Lz.bat
windows7-x64
8The-MALWAR...ou.exe
windows7-x64
1The-MALWAR...MZ.exe
windows7-x64
7The-MALWAR...st.exe
windows7-x64
8The-MALWAR...er.exe
windows7-x64
8The-MALWAR...RC.exe
windows7-x64
8The-MALWAR...er.exe
windows7-x64
3The-MALWAR....a.exe
windows7-x64
The-MALWAR...rk.exe
windows7-x64
9The-MALWAR...an.exe
windows7-x64
The-MALWAR...98.exe
windows7-x64
1The-MALWAR...aj.exe
windows7-x64
7The-MALWAR...jB.exe
windows7-x64
7The-MALWAR...om.exe
windows7-x64
6The-MALWAR...1C.exe
windows7-x64
5The-MALWAR...90.exe
windows7-x64
9The-MALWAR...6a.exe
windows7-x64
9The-MALWAR...it.exe
windows7-x64
1The-MALWAR...m_.eml
windows7-x64
The-MALWAR...ng.exe
windows7-x64
7The-MALWAR....a.exe
windows7-x64
10The-MALWAR...1A.exe
windows7-x64
8The-MALWAR...as.exe
windows7-x64
6The-MALWAR...te.exe
windows7-x64
7The-MALWAR....a.exe
windows7-x64
3The-MALWAR...le.exe
windows7-x64
3The-MALWAR...us.exe
windows7-x64
10The-MALWAR...er.exe
windows7-x64
7The-MALWAR...ff.exe
windows7-x64
3Analysis
-
max time kernel
642s -
max time network
653s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
13-12-2024 22:18
Static task
static1
Behavioral task
behavioral1
Sample
The-MALWARE-Repo-master/Trojan/ColorBug.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
The-MALWARE-Repo-master/Trojan/DesktopPuzzle.exe
Resource
win7-20240903-en
Behavioral task
behavioral3
Sample
The-MALWARE-Repo-master/Trojan/DudleyTrojan.bat
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
The-MALWARE-Repo-master/Trojan/L0Lz.bat
Resource
win7-20240903-en
Behavioral task
behavioral5
Sample
The-MALWARE-Repo-master/Trojan/LoveYou.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
The-MALWARE-Repo-master/Trojan/MEMZ.exe
Resource
win7-20240903-en
Behavioral task
behavioral7
Sample
The-MALWARE-Repo-master/Trojan/Mist/MistInfected_newest.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
The-MALWARE-Repo-master/Trojan/Mist/MistInstaller.exe
Resource
win7-20241010-en
Behavioral task
behavioral9
Sample
The-MALWARE-Repo-master/Trojan/Mist/MistInstallerRC.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
The-MALWARE-Repo-master/Trojan/PCToaster.exe
Resource
win7-20240903-en
Behavioral task
behavioral11
Sample
The-MALWARE-Repo-master/Trojan/Sevgi.a.exe
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
The-MALWARE-Repo-master/Trojan/Spark/Spark.exe
Resource
win7-20240903-en
Behavioral task
behavioral13
Sample
The-MALWARE-Repo-master/Virus/MadMan.exe
Resource
win7-20241010-en
Behavioral task
behavioral14
Sample
The-MALWARE-Repo-master/Virus/WinNuke.98.exe
Resource
win7-20241010-en
Behavioral task
behavioral15
Sample
The-MALWARE-Repo-master/Virus/Xpaj/xpaj.exe
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
The-MALWARE-Repo-master/Virus/Xpaj/xpajB.exe
Resource
win7-20241023-en
Behavioral task
behavioral17
Sample
The-MALWARE-Repo-master/Worm/Bezilom.exe
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
The-MALWARE-Repo-master/Worm/Blaster/607B60AD512C50B7D71DCCC057E85F1C.exe
Resource
win7-20240903-en
Behavioral task
behavioral19
Sample
The-MALWARE-Repo-master/Worm/Blaster/8676210e6246948201aa014db471de90.exe
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
The-MALWARE-Repo-master/Worm/Blaster/8a17f336f86e81f04d8e66fa23f9b36a.exe
Resource
win7-20240903-en
Behavioral task
behavioral21
Sample
The-MALWARE-Repo-master/Worm/Blaster/DComExploit.exe
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
The-MALWARE-Repo-master/Worm/Blaster/SANS_ Malware FAQ_ What is W32_Blaster worm_.eml
Resource
win7-20240708-en
Behavioral task
behavioral23
Sample
The-MALWARE-Repo-master/Worm/Bumerang.exe
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
The-MALWARE-Repo-master/Worm/Fagot.a.exe
Resource
win7-20240729-en
Behavioral task
behavioral25
Sample
The-MALWARE-Repo-master/Worm/Heap41A.exe
Resource
win7-20240729-en
Behavioral task
behavioral26
Sample
The-MALWARE-Repo-master/Worm/Mantas.exe
Resource
win7-20241010-en
Behavioral task
behavioral27
Sample
The-MALWARE-Repo-master/Worm/NadIote/Nadlote.exe
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
The-MALWARE-Repo-master/Worm/Netres.a.exe
Resource
win7-20240903-en
Behavioral task
behavioral29
Sample
The-MALWARE-Repo-master/Worm/Nople.exe
Resource
win7-20241023-en
Behavioral task
behavioral30
Sample
The-MALWARE-Repo-master/Worm/Vobfus/Vobus.exe
Resource
win7-20241010-en
Behavioral task
behavioral31
Sample
The-MALWARE-Repo-master/rogues/AdwereCleaner.exe
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
The-MALWARE-Repo-master/rogues/SpySheriff.exe
Resource
win7-20240903-en
Errors
General
-
Target
The-MALWARE-Repo-master/Trojan/Sevgi.a.exe
-
Size
203KB
-
MD5
b28505a8050446af4638319060e006e9
-
SHA1
d3ddca0f06af4df29a9f9fadb6bad8504add5525
-
SHA256
750e37d1fdd64e9ea015272a0db6720ac9a8d803dc0caad29d0653756a8e5b17
-
SHA512
889dc35054f5adc5b5445fc90dae5e19fe95ee04432f5230994124b73f9a1fc4bb050aac789f4934c84ed42d8c063b8219563e33a48b92f10294b7d8e426b9f9
-
SSDEEP
3072:M7PDcEPPhtIlT5ri9bOqStDvzvSheG3ivbV0EIU9j4szgGGl/2tdnpm7no3:qPDcEPZSTrsyLzSovp0PGUGkQnY7o3
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Netagent = "c:\\windows\\system\\sysfile.exe" Sevgi.a.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Sevgi.a.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1488 Sevgi.a.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe 1488 Sevgi.a.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\Sevgi.a.exe"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\Sevgi.a.exe"1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:1488
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x01⤵PID:1460
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x11⤵PID:448