Analysis

  • max time kernel
    117s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21/12/2024, 19:28 UTC

General

  • Target

    c410f8bbf6da4fd86596dc09c841a28c328001ded916fa7118f7c4cbb92e961a.exe

  • Size

    278KB

  • MD5

    96af26162cd7c2e6dd50b22c0a29ab51

  • SHA1

    59e365fba27f4d045bcddecbfa8f8d88eac49420

  • SHA256

    c410f8bbf6da4fd86596dc09c841a28c328001ded916fa7118f7c4cbb92e961a

  • SHA512

    efe8d9d3d14c05a8ce9a42536177affe3e0bd216be687f3e2978779cde0548616061dd43e90bce990a46dcfc683d60836399eae65d3fea803a5410d4ae6b246b

  • SSDEEP

    6144:aA7l/DRfkZlsC3dM7B+WCeBV+UdvrEFp7hKuV:aA7lbRfkZz6B+WCeBjvrEH7XV

Malware Config

Signatures

  • Floxif family
  • Floxif, Floodfix

    Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

  • Detects Floxif payload 1 IoCs
  • Event Triggered Execution: AppInit DLLs 1 TTPs

    Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c410f8bbf6da4fd86596dc09c841a28c328001ded916fa7118f7c4cbb92e961a.exe
    "C:\Users\Admin\AppData\Local\Temp\c410f8bbf6da4fd86596dc09c841a28c328001ded916fa7118f7c4cbb92e961a.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:2936

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files\Common Files\System\symsrv.dll

    Filesize

    67KB

    MD5

    7574cf2c64f35161ab1292e2f532aabf

    SHA1

    14ba3fa927a06224dfe587014299e834def4644f

    SHA256

    de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085

    SHA512

    4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab

  • memory/2936-3-0x0000000010000000-0x0000000010030000-memory.dmp

    Filesize

    192KB

  • memory/2936-7-0x0000000010000000-0x0000000010030000-memory.dmp

    Filesize

    192KB

  • memory/2936-5-0x0000000000EC0000-0x0000000000EF5000-memory.dmp

    Filesize

    212KB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.