Overview

overview

10

Static

static

6e52961bca...04.exe

windows7_x64

8

6e52961bca...04.exe

windows10_x64

10

Analysis

  • max time kernel
    4s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    09-11-2020 20:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6e52961bcacef0d2266611273665feee91e924e55a809e50b6a978e0a2867604.exe

  • Size

    1.5MB

  • MD5

    142ca1586ebf110c896a2081ee5b9897

  • SHA1

    25675d558ee4bae0e32c78b1d150fa3a1a27666e

  • SHA256

    6e52961bcacef0d2266611273665feee91e924e55a809e50b6a978e0a2867604

  • SHA512

    53266437a8411f8fb1ce9f5d9494de3f73b5b3c948974313b62f4f3b3ee172a092151f59c4ac622255213d31ef25a06bd6ca8654ef0557a25cc9ca0ebe4c468c

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetThreadContext 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6e52961bcacef0d2266611273665feee91e924e55a809e50b6a978e0a2867604.exe
    "C:\Users\Admin\AppData\Local\Temp\6e52961bcacef0d2266611273665feee91e924e55a809e50b6a978e0a2867604.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1632
    • C:\Windows\SysWOW64\svchost.exe
      "C:\Windows\system32\svchost.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1684
    • C:\Users\Admin\AppData\Local\Temp\6e52961bcacef0d2266611273665feee91e924e55a809e50b6a978e0a2867604.exe
      "C:\Users\Admin\AppData\Local\Temp\6e52961bcacef0d2266611273665feee91e924e55a809e50b6a978e0a2867604.exe"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\XBYMK.bat
    MD5

    92353035f01403e26aa2ff51c3963238

    SHA1

    d13f167c73bfce23a2deab8ce7c4ce9f78759ff4

    SHA256

    2e72a8542f8f809bfb1e4adfb481c7c5e6dc00dda7970c74692ba8d83ea0a870

    SHA512

    74560e33477caae3c7bc13914e4ae3c6911bbcfe257b2833155c236a158db0aca17478beb9d97f648ff1ea566005260f511361771c74203195107f4e82cce7df

    Download Submit
  • C:\Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    142ca1586ebf110c896a2081ee5b9897

    SHA1

    25675d558ee4bae0e32c78b1d150fa3a1a27666e

    SHA256

    6e52961bcacef0d2266611273665feee91e924e55a809e50b6a978e0a2867604

    SHA512

    53266437a8411f8fb1ce9f5d9494de3f73b5b3c948974313b62f4f3b3ee172a092151f59c4ac622255213d31ef25a06bd6ca8654ef0557a25cc9ca0ebe4c468c

    Download Submit
  • \Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    142ca1586ebf110c896a2081ee5b9897

    SHA1

    25675d558ee4bae0e32c78b1d150fa3a1a27666e

    SHA256

    6e52961bcacef0d2266611273665feee91e924e55a809e50b6a978e0a2867604

    SHA512

    53266437a8411f8fb1ce9f5d9494de3f73b5b3c948974313b62f4f3b3ee172a092151f59c4ac622255213d31ef25a06bd6ca8654ef0557a25cc9ca0ebe4c468c

    Download Submit
  • \Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    142ca1586ebf110c896a2081ee5b9897

    SHA1

    25675d558ee4bae0e32c78b1d150fa3a1a27666e

    SHA256

    6e52961bcacef0d2266611273665feee91e924e55a809e50b6a978e0a2867604

    SHA512

    53266437a8411f8fb1ce9f5d9494de3f73b5b3c948974313b62f4f3b3ee172a092151f59c4ac622255213d31ef25a06bd6ca8654ef0557a25cc9ca0ebe4c468c

    Download Submit
  • \Users\Admin\AppData\Roaming\IDM\ichader.exe
    Download Submit
  • \Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    142ca1586ebf110c896a2081ee5b9897

    SHA1

    25675d558ee4bae0e32c78b1d150fa3a1a27666e

    SHA256

    6e52961bcacef0d2266611273665feee91e924e55a809e50b6a978e0a2867604

    SHA512

    53266437a8411f8fb1ce9f5d9494de3f73b5b3c948974313b62f4f3b3ee172a092151f59c4ac622255213d31ef25a06bd6ca8654ef0557a25cc9ca0ebe4c468c

    Download Submit
  • \Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    142ca1586ebf110c896a2081ee5b9897

    SHA1

    25675d558ee4bae0e32c78b1d150fa3a1a27666e

    SHA256

    6e52961bcacef0d2266611273665feee91e924e55a809e50b6a978e0a2867604

    SHA512

    53266437a8411f8fb1ce9f5d9494de3f73b5b3c948974313b62f4f3b3ee172a092151f59c4ac622255213d31ef25a06bd6ca8654ef0557a25cc9ca0ebe4c468c

    Download Submit
  • memory/404-51-0x0000000000000000-mapping.dmp
    Download
  • memory/816-43-0x0000000000000000-mapping.dmp
    Download
  • memory/1084-45-0x0000000000000000-mapping.dmp
    Download
  • memory/1632-27-0x0000000000698000-0x0000000000699000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1632-10-0x0000000000696000-0x0000000000697000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1632-16-0x0000000000696000-0x0000000000697000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1632-17-0x0000000000696000-0x0000000000697000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1632-18-0x0000000000696000-0x0000000000697000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1632-19-0x0000000000696000-0x0000000000697000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1632-22-0x0000000000696000-0x0000000000697000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1632-23-0x0000000000696000-0x0000000000697000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1632-24-0x0000000000696000-0x0000000000697000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1632-25-0x0000000000696000-0x0000000000697000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1632-3-0x0000000000696000-0x0000000000697000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1632-26-0x0000000000698000-0x0000000000699000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1632-30-0x0000000000696000-0x0000000000697000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1632-29-0x0000000000696000-0x0000000000697000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1632-28-0x0000000000696000-0x0000000000697000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1632-2-0x0000000000696000-0x0000000000697000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1632-4-0x0000000000696000-0x0000000000697000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1632-6-0x0000000000696000-0x0000000000697000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1632-5-0x0000000000696000-0x0000000000697000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1632-7-0x0000000000696000-0x0000000000697000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1632-9-0x0000000000696000-0x0000000000697000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1632-8-0x0000000000696000-0x0000000000697000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1632-13-0x0000000000696000-0x0000000000697000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1632-12-0x0000000000696000-0x0000000000697000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1632-11-0x0000000000696000-0x0000000000697000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1684-33-0x0000000000400000-0x000000000040C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/1684-34-0x0000000000400000-0x000000000040C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/1684-32-0x000000000040B000-mapping.dmp
    Download
  • memory/1684-31-0x0000000000400000-0x000000000040C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/1756-40-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

    Download
  • memory/1756-36-0x00000000004085D0-mapping.dmp
    Download
  • memory/1756-38-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

    Download
  • memory/1756-35-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

    Download