Analysis
-
max time kernel
147s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
01-07-2024 16:53
General
-
Target
7dd069cc7d786f14d55bbf46ea92186297f63f7b699e2f9d37fb6536f85bd27c.exe
-
Size
5.1MB
-
MD5
49350c42627dbd733b713d4a8110cbe5
-
SHA1
51e1cdfd7299b25121d243a97bc99477a2bc0253
-
SHA256
7dd069cc7d786f14d55bbf46ea92186297f63f7b699e2f9d37fb6536f85bd27c
-
SHA512
21216c0d5001854c0aab1a776131245265557e1fa108ce0162b4f8a64f1ce144feab4010c51135ff49fa828400c9a636d09840b49ea3e63ab63008926c143525
-
SSDEEP
98304:CzCUMGlC/uxe9m7OgN649CUENZVjcy593wvy0x4QHVCl4+wjfX6BQxy:gjooe9IvPcU04YZw6SN1Ccj8QE
Malware Config
Signatures
-
Detect Socks5Systemz Payload 1 IoCs
-
Socks5Systemz
Socks5Systemz is a botnet written in C++.
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 1 IoCs
-
Unexpected DNS network traffic destination 3 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7dd069cc7d786f14d55bbf46ea92186297f63f7b699e2f9d37fb6536f85bd27c.exe"C:\Users\Admin\AppData\Local\Temp\7dd069cc7d786f14d55bbf46ea92186297f63f7b699e2f9d37fb6536f85bd27c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-0MQO0.tmp\7dd069cc7d786f14d55bbf46ea92186297f63f7b699e2f9d37fb6536f85bd27c.tmp"C:\Users\Admin\AppData\Local\Temp\is-0MQO0.tmp\7dd069cc7d786f14d55bbf46ea92186297f63f7b699e2f9d37fb6536f85bd27c.tmp" /SL5="$A01BE,5077155,54272,C:\Users\Admin\AppData\Local\Temp\7dd069cc7d786f14d55bbf46ea92186297f63f7b699e2f9d37fb6536f85bd27c.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\MP3Doctor Free 2020\mp3doctorfree32_64.exe"C:\Users\Admin\AppData\Local\MP3Doctor Free 2020\mp3doctorfree32_64.exe" -i3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\MP3Doctor Free 2020\mp3doctorfree32_64.exe"C:\Users\Admin\AppData\Local\MP3Doctor Free 2020\mp3doctorfree32_64.exe" -s3⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\MP3Doctor Free 2020\mp3doctorfree32_64.exeFilesize
3.8MB
MD57c650686c4e511fa0c3f6ab6664703d1
SHA159038923da576d3c8b1ac0586669d06122144aa5
SHA25633acd14971af1799aa6d84dfd82cb730153f19e30f3ef45ce1314d5ce409b4cb
SHA5128c59d39056d65d33016bfcdd3fa00c1420853451f54edf4a2768eb9a9035e41252e1280d94807b345ef3b6ba989af6708dacd09b2c1a35684917f89fcc5b260f
-
C:\Users\Admin\AppData\Local\Temp\is-0MQO0.tmp\7dd069cc7d786f14d55bbf46ea92186297f63f7b699e2f9d37fb6536f85bd27c.tmpFilesize
680KB
MD56f995e2d6c8d0d1d03cb3afcd1deafaf
SHA10319dbd8c7b44067b82fed5272059757a526b3aa
SHA256cc4530fee96cf6e821fa1dbed0c46ac5310c57d6336999e3f93d29f78376f9eb
SHA512207b4d327be81e71152ce35cb272362e9862e6002a6c01e9e9df37578c3764ac1c8d19b19e8e3b751162724490f06fea10611d7becabaff3863af993a90db16d
-
C:\Users\Admin\AppData\Local\Temp\is-UBN7E.tmp\_isetup\_iscrypt.dllFilesize
2KB
MD5a69559718ab506675e907fe49deb71e9
SHA1bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA2562f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63
-
memory/2020-91-0x0000000000400000-0x00000000007C6000-memory.dmpFilesize
3.8MB
-
memory/2020-76-0x0000000000400000-0x00000000007C6000-memory.dmpFilesize
3.8MB
-
memory/2020-117-0x0000000000400000-0x00000000007C6000-memory.dmpFilesize
3.8MB
-
memory/2020-114-0x0000000000400000-0x00000000007C6000-memory.dmpFilesize
3.8MB
-
memory/2020-111-0x0000000000400000-0x00000000007C6000-memory.dmpFilesize
3.8MB
-
memory/2020-108-0x0000000000400000-0x00000000007C6000-memory.dmpFilesize
3.8MB
-
memory/2020-105-0x0000000000400000-0x00000000007C6000-memory.dmpFilesize
3.8MB
-
memory/2020-68-0x0000000000400000-0x00000000007C6000-memory.dmpFilesize
3.8MB
-
memory/2020-69-0x0000000000400000-0x00000000007C6000-memory.dmpFilesize
3.8MB
-
memory/2020-102-0x0000000000400000-0x00000000007C6000-memory.dmpFilesize
3.8MB
-
memory/2020-99-0x0000000000400000-0x00000000007C6000-memory.dmpFilesize
3.8MB
-
memory/2020-72-0x0000000000400000-0x00000000007C6000-memory.dmpFilesize
3.8MB
-
memory/2020-74-0x0000000000400000-0x00000000007C6000-memory.dmpFilesize
3.8MB
-
memory/2020-96-0x0000000000400000-0x00000000007C6000-memory.dmpFilesize
3.8MB
-
memory/2020-79-0x0000000000400000-0x00000000007C6000-memory.dmpFilesize
3.8MB
-
memory/2020-82-0x0000000000400000-0x00000000007C6000-memory.dmpFilesize
3.8MB
-
memory/2020-85-0x0000000000400000-0x00000000007C6000-memory.dmpFilesize
3.8MB
-
memory/2020-86-0x0000000000A30000-0x0000000000AD2000-memory.dmpFilesize
648KB
-
memory/2176-12-0x0000000000400000-0x00000000004BA000-memory.dmpFilesize
744KB
-
memory/2176-71-0x0000000000400000-0x00000000004BA000-memory.dmpFilesize
744KB
-
memory/2568-64-0x0000000000400000-0x00000000007C6000-memory.dmpFilesize
3.8MB
-
memory/2568-65-0x0000000000400000-0x00000000007C6000-memory.dmpFilesize
3.8MB
-
memory/2568-60-0x0000000000400000-0x00000000007C6000-memory.dmpFilesize
3.8MB
-
memory/2568-59-0x0000000000400000-0x00000000007C6000-memory.dmpFilesize
3.8MB
-
memory/4368-0-0x0000000000400000-0x0000000000414000-memory.dmpFilesize
80KB
-
memory/4368-70-0x0000000000400000-0x0000000000414000-memory.dmpFilesize
80KB
-
memory/4368-3-0x0000000000401000-0x000000000040B000-memory.dmpFilesize
40KB