Overview

overview

10

Static

static

3

ec92d32c34...20.exe

windows7-x64

10

ec92d32c34...20.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250207-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/02/2025, 06:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ec92d32c34b664d0a7f7e19fa92c917764bc467cc19e6ce929902fef7aee2520.exe

  • Size

    319KB

  • MD5

    bf757ad86388f95d736ed6a977dd26ed

  • SHA1

    a4c99b4b0fb8c98259b58dfe20ccdd46c41aa51e

  • SHA256

    ec92d32c34b664d0a7f7e19fa92c917764bc467cc19e6ce929902fef7aee2520

  • SHA512

    3cd30b9c63cb028749357bacc6c193abc0c843c46f6877b79d3ef2929074f506520decce4aa6af7dab725176522b32030469e269c5fff2cfd4210298b14fa320

  • SSDEEP

    6144:g10HUduhJclL9pWmIX0IKFNIbheln8DJ/YhKGdsZ6NPlf+BJeFllE7lpzkKrpz:50d959pAXHKobwlQJ/e3d+cPlf+BcllK

Score
10/10
simdadiscoverypersistencestealertrojan

Malware Config

Extracted

Family

simda

Attributes
  • dga

    cihunemyror.eu

    digivehusyd.eu

    vofozymufok.eu

    fodakyhijyv.eu

    nopegymozow.eu

    gatedyhavyd.eu

    marytymenok.eu

    jewuqyjywyv.eu

    qeqinuqypoq.eu

    kemocujufys.eu

    rynazuqihoj.eu

    lyvejujolec.eu

    tucyguqaciq.eu

    xuxusujenes.eu

    puzutuqeqij.eu

    ciliqikytec.eu

    dikoniwudim.eu

    vojacikigep.eu

    fogeliwokih.eu

    nofyjikoxex.eu

    gadufiwabim.eu

    masisokemep.eu

    jepororyrih.eu

    qetoqolusex.eu

    keraborigin.eu

    ryqecolijet.eu

    lymylorozig.eu

    tunujolavez.eu

    xubifaremin.eu

    puvopalywet.eu

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Simda family
    simda
  • simda

    Simda is an infostealer written in C++.

    stealertrojansimda
  • Downloads MZ/PE file 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec92d32c34b664d0a7f7e19fa92c917764bc467cc19e6ce929902fef7aee2520.exe
    "C:\Users\Admin\AppData\Local\Temp\ec92d32c34b664d0a7f7e19fa92c917764bc467cc19e6ce929902fef7aee2520.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Adds Run key to start application
    • Modifies WinLogon
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3876
  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEZGODg3MDUtRDc3RS00NzBBLTkxODgtNDZBN0VGRURFQTAwfSIgdXNlcmlkPSJ7REM4MEYyQjgtODY0Ni00MzUxLUFDQ0QtMTcyNzRFRkZCQUU3fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MzJGNTAzNkUtMENBRi00NTI5LUE2NTMtNDg5Nzk5QTZDMDZFfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI5IiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDcxNzgiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxOTY4MDM3MTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MzgwNjkyODQ3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
    1⤵
    • System Location Discovery: System Language Discovery
    • System Network Configuration Discovery: Internet Connection Discovery
    PID:4736

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3876-0-0x000000007FDE0000-0x000000007FE49000-memory.dmp

    Filesize

    420KB

    Download

  • memory/3876-1-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/3876-2-0x0000000000760000-0x0000000000761000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3876-3-0x00000000022D0000-0x0000000002382000-memory.dmp

    Filesize

    712KB

    Download

  • memory/3876-4-0x0000000000400000-0x00000000004CB000-memory.dmp

    Filesize

    812KB

    Download

  • memory/3876-5-0x0000000002440000-0x00000000024F8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/3876-7-0x0000000002440000-0x00000000024F8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/3876-9-0x0000000002440000-0x00000000024F8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/3876-11-0x0000000000AB0000-0x0000000000AB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3876-65-0x0000000002440000-0x00000000024F8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/3876-66-0x0000000002440000-0x00000000024F8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/3876-64-0x0000000002440000-0x00000000024F8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/3876-130-0x000000007FDE0000-0x000000007FE49000-memory.dmp

    Filesize

    420KB

    Download

  • memory/3876-136-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download