Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
02-01-2025 04:18
General
-
Target
28320e37f78684d5e3aedfe0eccae074a66833c25ce34e811fbc99411f8d9b46N.exe
-
Size
205KB
-
MD5
70a59c5b3f30b03a244339db10f54710
-
SHA1
fc3596aea8ee60c232e590102a2a189ee41d464c
-
SHA256
28320e37f78684d5e3aedfe0eccae074a66833c25ce34e811fbc99411f8d9b46
-
SHA512
1f839afec2c5968e5e91165e9465340440a486c1c65b59b8f590cd75413a32f6ebc13a03f726bc9ee076ee64f47d8357decb61f12b339fa62a580551208ef8af
-
SSDEEP
3072:tZx8gJs7HnU+JOoutueXlt2lQBV+UdE+rECWp7hK6:v2As7HnUroS3BV+UdvrEFp7hK6
Malware Config
Signatures
-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
UAC bypass 3 TTPs 2 IoCs
-
Windows security bypass 2 TTPs 2 IoCs
-
Detects Floxif payload 1 IoCs
-
Drops file in Drivers directory 2 IoCs
-
Event Triggered Execution: AppInit DLLs 1 TTPs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 5 IoCs
-
Windows security modification 2 TTPs 2 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 2 IoCs
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file 11 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
-
System policy modification 1 TTPs 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\28320e37f78684d5e3aedfe0eccae074a66833c25ce34e811fbc99411f8d9b46N.exe"C:\Users\Admin\AppData\Local\Temp\28320e37f78684d5e3aedfe0eccae074a66833c25ce34e811fbc99411f8d9b46N.exe"1⤵
- UAC bypass
- Windows security bypass
- Loads dropped DLL
- Windows security modification
- Checks whether UAC is enabled
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Roaming\MusaLLaT.exeC:\Users\Admin\AppData\Roaming\MusaLLaT.exe2⤵
- UAC bypass
- Windows security bypass
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
- Adds Run key to start application
- Checks whether UAC is enabled
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- System policy modification
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1AppInit DLLs
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1AppInit DLLs
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
129KB
MD583e805f1fae9efa885f4bb9d4ce2d257
SHA1ba069bc10b1ed92dcdd526bd70ab35a326a641a4
SHA2564d801a473cf18043b59130f87aebacc82d5def1044837dd2758f7fec37f91396
SHA51280073ebb1a733eae91fdd3fc794b719f8aff8dacc528935d7ba4969f45930feef6e5604c759f8fa560f417d3fdb892c8b408b5bcb2650bce58b83be72c162891
-
Filesize
67KB
MD57574cf2c64f35161ab1292e2f532aabf
SHA114ba3fa927a06224dfe587014299e834def4644f
SHA256de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085
SHA5124db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab
-
Filesize
205KB
MD5156594e994dbe61513159bb02a2508f5
SHA123e34cde1ae05b2a7f5b4214d623fd0823063071
SHA2564206e49f2077f0e9064925f9f11d6d7ea036a3ddf9ec0fb661bfe1f7b6040aa0
SHA5128aa1fffe99ac13967874b577cdbd1a98ee61fbde6ea75883d71a61fdfd1a213126dfc12e45ec4909a2b3b7114e9a6ba7650850a149f59e44e27b60bad4eaef01
-
Filesize
636KB
-
Filesize
636KB
-
Filesize
636KB
-
Filesize
192KB
-
Filesize
636KB
-
Filesize
192KB
-
Filesize
192KB
-
Filesize
636KB
-
Filesize
636KB
-
Filesize
192KB
-
Filesize
636KB