Analysis

  • max time kernel
    22s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-12-2024 12:52

General

  • Target

    Exodus-12.20.rar

  • Size

    107.8MB

  • MD5

    0eb1d9d05ecf3fbb9fc61fbc2bb98db4

  • SHA1

    095aaa4f949a5b8c98b9042916c6feaed77ee4ad

  • SHA256

    b5748bdb4ab2a7132b1bec0c0e421e18d71b8ecb73351c6ae1ce6239c9c55462

  • SHA512

    f2655ed4b339e70fac6c5962332869807edec9d761df9f68cc2419b1ee7fd786bb370b9e3ab35cbd5d751f9a5df3778895a9e977acf9b7749155c71d97c7aa11

  • SSDEEP

    3145728:/+YDA1+OhPQKFip4i2rZ78kHDyKwuHloqqtrwNVO:WIa+OBQKFY4N0P0lo7B

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 10 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Exodus-12.20.rar"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1928
    • C:\Users\Admin\AppData\Local\Temp\7zO887ADDD6\X2cfo4pBGH21.exe
      "C:\Users\Admin\AppData\Local\Temp\7zO887ADDD6\X2cfo4pBGH21.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2096
      • C:\Users\Admin\AppData\Local\Temp\7zO887ADDD6\X2cfo4pBGH21.exe
        "C:\Users\Admin\AppData\Local\Temp\7zO887ADDD6\X2cfo4pBGH21.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2772
    • C:\Users\Admin\AppData\Local\Temp\7zO88723007\X2cfo4pBGH21.exe
      "C:\Users\Admin\AppData\Local\Temp\7zO88723007\X2cfo4pBGH21.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2564
      • C:\Users\Admin\AppData\Local\Temp\7zO88723007\X2cfo4pBGH21.exe
        "C:\Users\Admin\AppData\Local\Temp\7zO88723007\X2cfo4pBGH21.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:3740

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI20962\python311.dll

    Filesize

    5.5MB

    MD5

    387bb2c1e40bde1517f06b46313766be

    SHA1

    601f83ef61c7699652dec17edd5a45d6c20786c4

    SHA256

    0817a2a657a24c0d5fbb60df56960f42fc66b3039d522ec952dab83e2d869364

    SHA512

    521cde6eaa5d4a2e0ef6bbfdea50b00750ae022c1c7bd66b20654c035552b49c9d2fac18ef503bbd136a7a307bdeb97f759d45c25228a0bf0c37739b6e897bad

  • C:\Users\Admin\AppData\Local\Temp\_MEI25642\cryptography-44.0.0.dist-info\INSTALLER

    Filesize

    4B

    MD5

    365c9bfeb7d89244f2ce01c1de44cb85

    SHA1

    d7a03141d5d6b1e88b6b59ef08b6681df212c599

    SHA256

    ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

    SHA512

    d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1