Overview
overview
10Static
static
10Malware-1-...30.exe
windows11-21h2-x64
10Malware-1-...40.exe
windows11-21h2-x64
10Malware-1-...32.exe
windows11-21h2-x64
10Malware-1-.../5.exe
windows11-21h2-x64
10Malware-1-...91.exe
windows11-21h2-x64
10Malware-1-...ey.exe
windows11-21h2-x64
7Malware-1-...ad.exe
windows11-21h2-x64
3Malware-1-...ti.exe
windows11-21h2-x64
5Malware-1-...an.bat
windows11-21h2-x64
7Malware-1-...an.exe
windows11-21h2-x64
5Malware-1-...ve.bat
windows11-21h2-x64
7Malware-1-...ve.exe
windows11-21h2-x64
6Malware-1-...ya.exe
windows11-21h2-x64
Malware-1-...re.exe
windows11-21h2-x64
10Malware-1-...ry.exe
windows11-21h2-x64
10Malware-1-...ck.exe
windows11-21h2-x64
3Malware-1-...he.exe
windows11-21h2-x64
10Malware-1-...op.exe
windows11-21h2-x64
7Malware-1-...rb.exe
windows11-21h2-x64
10Malware-1-...ue.exe
windows11-21h2-x64
1Malware-1-...ng.exe
windows11-21h2-x64
6Malware-1-...kt.bat
windows11-21h2-x64
7Malware-1-...o3.exe
windows11-21h2-x64
10Malware-1-...ey.exe
windows11-21h2-x64
10Malware-1-.../m.exe
windows11-21h2-x64
Malware-1-...o3.exe
windows11-21h2-x64
9Malware-1-...32.exe
windows11-21h2-x64
10Malware-1-...nf.exe
windows11-21h2-x64
10Malware-1-.../o.exe
windows11-21h2-x64
3Malware-1-...B8.exe
windows11-21h2-x64
10Malware-1-...ig.exe
windows11-21h2-x64
10Malware-1-...rv.exe
windows11-21h2-x64
10Analysis
-
max time kernel
763s -
max time network
537s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system -
submitted
16/01/2025, 13:33
Behavioral task
behavioral1
Sample
Malware-1-master/2530.exe
Resource
win11-20241007-en
Behavioral task
behavioral2
Sample
Malware-1-master/2887140.exe
Resource
win11-20241007-en
Behavioral task
behavioral3
Sample
Malware-1-master/32.exe
Resource
win11-20241007-en
Behavioral task
behavioral4
Sample
Malware-1-master/5.exe
Resource
win11-20241007-en
Behavioral task
behavioral5
Sample
Malware-1-master/96591.exe
Resource
win11-20241007-en
Behavioral task
behavioral6
Sample
Malware-1-master/Amadey.exe
Resource
win11-20241007-en
Behavioral task
behavioral7
Sample
Malware-1-master/Download.exe
Resource
win11-20241007-en
Behavioral task
behavioral8
Sample
Malware-1-master/Illuminati.exe
Resource
win11-20241007-en
Behavioral task
behavioral9
Sample
Malware-1-master/MEMZ-Clean.bat
Resource
win11-20241007-en
Behavioral task
behavioral10
Sample
Malware-1-master/MEMZ-Clean.exe
Resource
win11-20241007-en
Behavioral task
behavioral11
Sample
Malware-1-master/MEMZ-Destructive.bat
Resource
win11-20241007-en
Behavioral task
behavioral12
Sample
Malware-1-master/MEMZ-Destructive.exe
Resource
win11-20241023-en
Behavioral task
behavioral13
Sample
Malware-1-master/Petya.exe
Resource
win11-20241007-en
Behavioral task
behavioral14
Sample
Malware-1-master/Software.exe
Resource
win11-20241007-en
Behavioral task
behavioral15
Sample
Malware-1-master/WannaCry.exe
Resource
win11-20241007-en
Behavioral task
behavioral16
Sample
Malware-1-master/Win32.EvilClusterFuck.exe
Resource
win11-20241007-en
Behavioral task
behavioral17
Sample
Malware-1-master/apache.exe
Resource
win11-20241007-en
Behavioral task
behavioral18
Sample
Malware-1-master/butterflyondesktop.exe
Resource
win11-20241023-en
Behavioral task
behavioral19
Sample
Malware-1-master/crb.exe
Resource
win11-20241007-en
Behavioral task
behavioral20
Sample
Malware-1-master/eternalblue.exe
Resource
win11-20241007-en
Behavioral task
behavioral21
Sample
Malware-1-master/fear.png.exe
Resource
win11-20241007-en
Behavioral task
behavioral22
Sample
Malware-1-master/getr3kt.bat
Resource
win11-20241007-en
Behavioral task
behavioral23
Sample
Malware-1-master/iimo3.exe
Resource
win11-20241007-en
Behavioral task
behavioral24
Sample
Malware-1-master/jey.exe
Resource
win11-20241007-en
Behavioral task
behavioral25
Sample
Malware-1-master/m.exe
Resource
win11-20241007-en
Behavioral task
behavioral26
Sample
Malware-1-master/mo3.exe
Resource
win11-20241007-en
Behavioral task
behavioral27
Sample
Malware-1-master/mo332.exe
Resource
win11-20241007-en
Behavioral task
behavioral28
Sample
Malware-1-master/mysqlconf.exe
Resource
win11-20241007-en
Behavioral task
behavioral29
Sample
Malware-1-master/o.exe
Resource
win11-20241007-en
Behavioral task
behavioral30
Sample
Malware-1-master/qOA7iZJcoB8.exe
Resource
win11-20241007-en
Behavioral task
behavioral31
Sample
Malware-1-master/rig.exe
Resource
win11-20241007-en
Behavioral task
behavioral32
Sample
Malware-1-master/sserv.exe
Resource
win11-20241007-en
General
-
Target
Malware-1-master/Download.exe
-
Size
247KB
-
MD5
6a97f4f16e7879967a5c02d143d0bd46
-
SHA1
0898ccf65770813f69bf339462a05a8c6e17be69
-
SHA256
de2274da8cf00dfc6e6e52db43f82210a1fb7fd30016ebdc81347fb2d1f248fa
-
SHA512
0bc14103518a2e234f4e3f4ddc46e91a1ed21c2885fd4eb27d3cf8cd088e4fa4fffcc221ddb404f52794c57d6693b2ce080e797bf33f2322490030e0fce0ac27
-
SSDEEP
3072:ZV3bDzHY2weWeFoyUWfMRBsfpVZynzK4ChhO2IGmXf3Ur3CvZJnodCKJYsUH+Iun:ZBbDzHY0UsfPwUIvOd1
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Download.exe -
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 POWERPNT.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz POWERPNT.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString POWERPNT.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS POWERPNT.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily POWERPNT.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU POWERPNT.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 2116 POWERPNT.EXE -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 4544 Download.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 2116 POWERPNT.EXE 2116 POWERPNT.EXE 2116 POWERPNT.EXE 2116 POWERPNT.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\Download.exe"C:\Users\Admin\AppData\Local\Temp\Malware-1-master\Download.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4544
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "C:\Users\Admin\Desktop\UnblockProtect.ppsm" /ou ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2116
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "C:\Users\Admin\Desktop\UnblockProtect.ppsm" /ou ""1⤵PID:3084
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
83B
MD5b6b45257616514821e43d1693476ae09
SHA1693b474ee7860db960cec6c4cb5245eb9e9c007a
SHA256abc4fa36d3ed79487a572a4a55bcbe2075df7432ab2abba716e324fdef96de18
SHA51277848d9fc9bdec2ccb03f7ab519fa0948ad0ef63b68df660f2916b4ee240a407cd17f0555f3576d56e6fe977473832cc7709af943d4a900e9244450ea26a90de