Overview

overview

10

Static

static

3

b4b1a09c9c...0N.exe

windows7-x64

10

b4b1a09c9c...0N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250207-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-02-2025 04:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b4b1a09c9cc23584f3795b3405d3dc368acae0939ce3e7d5cf6296abe9389d60N.exe

  • Size

    258KB

  • MD5

    9122ab0c9ab2c34b32c1bdf4e10fc1f0

  • SHA1

    0bda5614b26af11915b3648b4c3c0ed16ee529a3

  • SHA256

    b4b1a09c9cc23584f3795b3405d3dc368acae0939ce3e7d5cf6296abe9389d60

  • SHA512

    26f4e5c163b43435055f87c97ecda55c6c2e6f847d8a173d8fcc1d5a84d6484715313131fbfcea576a06b368859b61e7c988139b1af42371411988efb4a18c7b

  • SSDEEP

    3072:3FgNx7UOOrEHuOMwhvLqJhacw8kgrY1ymk2+oRVDqc9ZZIap1ak4yfeVMB0anXBQ:36TOrEHJNUkgU5m0ZOMcCWw+PGlW

Score
10/10
simdadiscoverypersistencestealertrojan

Malware Config

Extracted

Family

simda

Attributes
  • dga

    cihunemyror.eu

    digivehusyd.eu

    vofozymufok.eu

    fodakyhijyv.eu

    nopegymozow.eu

    gatedyhavyd.eu

    marytymenok.eu

    jewuqyjywyv.eu

    qeqinuqypoq.eu

    kemocujufys.eu

    rynazuqihoj.eu

    lyvejujolec.eu

    tucyguqaciq.eu

    xuxusujenes.eu

    puzutuqeqij.eu

    ciliqikytec.eu

    dikoniwudim.eu

    vojacikigep.eu

    fogeliwokih.eu

    nofyjikoxex.eu

    gadufiwabim.eu

    masisokemep.eu

    jepororyrih.eu

    qetoqolusex.eu

    keraborigin.eu

    ryqecolijet.eu

    lymylorozig.eu

    tunujolavez.eu

    xubifaremin.eu

    puvopalywet.eu

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Simda family
    simda
  • simda

    Simda is an infostealer written in C++.

    stealertrojansimda
  • Downloads MZ/PE file 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b4b1a09c9cc23584f3795b3405d3dc368acae0939ce3e7d5cf6296abe9389d60N.exe
    "C:\Users\Admin\AppData\Local\Temp\b4b1a09c9cc23584f3795b3405d3dc368acae0939ce3e7d5cf6296abe9389d60N.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Adds Run key to start application
    • Modifies WinLogon
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:628
  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NkU1RDJBMDItOEMxOS00NEM3LUE1QUQtQUI4Nzg0NjJFMzgzfSIgdXNlcmlkPSJ7QThDMEZBQzMtMjhGMi00N0YwLTgyOUItNTI0MzYxRkI1REFDfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7Nzk3RDEyODktRDBCMC00OEEyLUEyNjAtNDg4QjhBNkEzNDhFfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxIiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDY4ODkiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxOTM2NTgwOTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1NTU0ODY2NDMyIi8-PC9hcHA-PC9yZXF1ZXN0Pg
    1⤵
    • System Location Discovery: System Language Discovery
    • System Network Configuration Discovery: Internet Connection Discovery
    PID:1768

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/628-1-0x0000000000AA0000-0x0000000000B07000-memory.dmp

    Filesize

    412KB

    Download

  • memory/628-0-0x0000000000400000-0x000000000061D000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/628-2-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/628-4-0x0000000000B10000-0x0000000000BC2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/628-5-0x0000000000400000-0x000000000061D000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/628-3-0x0000000000970000-0x0000000000971000-memory.dmp

    Filesize

    4KB

    Download

  • memory/628-6-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-20-0x0000000002800000-0x0000000002801000-memory.dmp

    Filesize

    4KB

    Download

  • memory/628-19-0x0000000002800000-0x0000000002801000-memory.dmp

    Filesize

    4KB

    Download

  • memory/628-17-0x0000000002800000-0x0000000002801000-memory.dmp

    Filesize

    4KB

    Download

  • memory/628-10-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-8-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-103-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-111-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-110-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-108-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-107-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-106-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-105-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-104-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-102-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-100-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-99-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-97-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-96-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-94-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-92-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-91-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-89-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-88-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-87-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-85-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-83-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-82-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-80-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-79-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-77-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-76-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-74-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-73-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-71-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-69-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-68-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-109-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-67-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-101-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-98-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-66-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-95-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-93-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-90-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-65-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-86-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-84-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-81-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-78-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-64-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-75-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-72-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-70-0x00000000028D0000-0x0000000002988000-memory.dmp

    Filesize

    736KB

    Download

  • memory/628-128-0x0000000000AA0000-0x0000000000B07000-memory.dmp

    Filesize

    412KB

    Download

  • memory/628-129-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download