Analysis

  • max time kernel
    134s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/12/2024, 22:31

General

  • Target

    5a79981c4c34b77b391f444a8ac4fa87c270ce8677c385872adb51ba87876727.exe

  • Size

    3.0MB

  • MD5

    b7d0c72005a7b447059dfd00108c0132

  • SHA1

    56584a42822bb19bda4c79d8729996bff111f539

  • SHA256

    5a79981c4c34b77b391f444a8ac4fa87c270ce8677c385872adb51ba87876727

  • SHA512

    3a4c2d7be5c4352c44b24d7c52a22a2ca9be503c913e7e462e76473f5d2a04f805b8d24600e6e7c9e5c20a3770839def14f1375ad5b87ac05695a9d501dcfa4b

  • SSDEEP

    49152:tA4aPLjKowKuTTjEItjnIm/1jQVwvOjTY1tjlz3ZUSY8458BjISDdAQXiGHW:qXPLj9iEMjnIGj2w+cjlz3m/0jIaXdW

Malware Config

Signatures

  • Floxif family
  • Floxif, Floodfix

    Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

  • Detects Floxif payload 1 IoCs
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5a79981c4c34b77b391f444a8ac4fa87c270ce8677c385872adb51ba87876727.exe
    "C:\Users\Admin\AppData\Local\Temp\5a79981c4c34b77b391f444a8ac4fa87c270ce8677c385872adb51ba87876727.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:880
    • \??\c:\e1960b5900144dec62c8\UPDATE\update.exe
      c:\e1960b5900144dec62c8\\UPDATE\update.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      PID:908

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Program Files\Common Files\System\symsrv.dll

          Filesize

          67KB

          MD5

          7574cf2c64f35161ab1292e2f532aabf

          SHA1

          14ba3fa927a06224dfe587014299e834def4644f

          SHA256

          de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085

          SHA512

          4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab

        • C:\e1960b5900144dec62c8\UPDATE\UPDSPAPI.dll.tmp

          Filesize

          446KB

          MD5

          3d1494034a20afac260e66508ed0a308

          SHA1

          ed83cd71adfc07012ae043b6ca97bcaa8dac1fa9

          SHA256

          40dcebce3670b4d51247c1de7767d11b691e934841e75ad3f281d35c91a3a67f

          SHA512

          e2db0db8fb1fe517788179917c62d78f505c0d48bac0829a48becf116f3361e8b1d85adebcd6155c4477e43b0f806ee4fe08a4bde0eb5bfda575f9f959beab89

        • C:\e1960b5900144dec62c8\UPDATE\update.exe

          Filesize

          725KB

          MD5

          50914702cb6c72275018643c557ef8c5

          SHA1

          a60b307966ae1329ff1c16f187117768179bb719

          SHA256

          a0b2b5e50eff3968c6c05cf18fc93ba3fd2a5de6c35bda609b14e9247e99d2e3

          SHA512

          4005b7da7eab74d9be1c7847f0485354bfff974c0cf88a2bcc0a30168665218671721e784b55b6038bbb2399927850d607e5aaa178b290be91e636d988e76bfc

        • C:\e1960b5900144dec62c8\UPDATE\updspapi.dll

          Filesize

          370KB

          MD5

          9a055da2f2819f155c33d47cd67a7c00

          SHA1

          1ca0a282dbd483972b40bf4ccff4f747227f422c

          SHA256

          0acbbaa648ffbcc6375736dd35ee7a20bfcf5976dfc558ca72d820e7f7cdad85

          SHA512

          cf137d691c6a6c3e6611f2af4ccd462f291ab49f430a9fe4ff2746a4f3856255ec5d1551ff408b437b573000322131c9bd78fae74cace812ae81441df52a7a49

        • \??\c:\e1960b5900144dec62c8\update\branches.inf

          Filesize

          957B

          MD5

          5a4be9491d2a436af79e1efaa1a72692

          SHA1

          1dd8f7c8dafb2f14a1a56d843571cef57e2689c7

          SHA256

          5218b322e0d95478dcbf4993a418c232fde3304d25cca64a9874bafdb0ffd4fc

          SHA512

          2413c0df80cf47c4a783586cdcd3cce520d675a19ba35add85fd402ff1c6bc0dd69bd62e592d971beaaae61680910bc589c752d12d93194c3427cc5cb8c95f3c

        • \??\c:\e1960b5900144dec62c8\update\update_SP2QFE.inf

          Filesize

          49KB

          MD5

          55d0da032e6135d673c2153e36a4bee2

          SHA1

          834f6a2366941181e3ebc770d42f44ca3f0b9851

          SHA256

          f6be29e817861b5043b5c0a2bdd6e14216d3478f08dccaae841a88a42fad701f

          SHA512

          4785c18a7e1e5544cf20dbf33a3b908448d538a5fbee112048bf585c5e58d010d4461d6dac011a440d886c46927c65e0b86385ffc25a9a5930bad5a371591a06

        • \??\c:\e1960b5900144dec62c8\update\updatebr.inf

          Filesize

          411B

          MD5

          6acc9ff4091fd18ac3c69295a2d5d294

          SHA1

          2d49a882a0260ffcf326df732fb3ff30c06a0a2f

          SHA256

          032864ad093d4b88fca35dd4e25bf40a2cd3ede8166275f55e65c93058f17061

          SHA512

          6ea5274df62cb188cbbdac53255fc690483e445e2b86a36d02a94284bd449695cfb8c4c2a11843f2a0c1a93cc6eeffe32bdeda4d3f49fff3082ca65b732af829

        • memory/880-90-0x0000000010000000-0x0000000010030000-memory.dmp

          Filesize

          192KB

        • memory/880-10-0x0000000000980000-0x00000000009A2000-memory.dmp

          Filesize

          136KB

        • memory/880-9-0x0000000000980000-0x00000000009A2000-memory.dmp

          Filesize

          136KB

        • memory/880-1-0x0000000000986000-0x0000000000987000-memory.dmp

          Filesize

          4KB

        • memory/880-5-0x0000000010000000-0x0000000010030000-memory.dmp

          Filesize

          192KB

        • memory/880-89-0x0000000000986000-0x0000000000987000-memory.dmp

          Filesize

          4KB

        • memory/880-91-0x0000000000980000-0x00000000009A2000-memory.dmp

          Filesize

          136KB

        • memory/880-94-0x0000000000980000-0x00000000009A2000-memory.dmp

          Filesize

          136KB

        • memory/880-153-0x0000000010000000-0x0000000010030000-memory.dmp

          Filesize

          192KB

        • memory/880-154-0x0000000000980000-0x00000000009A2000-memory.dmp

          Filesize

          136KB

        • memory/908-74-0x00000000005D0000-0x000000000062E000-memory.dmp

          Filesize

          376KB

        • memory/908-97-0x00000000005D0000-0x000000000062E000-memory.dmp

          Filesize

          376KB

        • memory/908-98-0x00000000005D0000-0x000000000062E000-memory.dmp

          Filesize

          376KB