Overview

overview

10

Static

static

8e6f24e4cb...c2.exe

windows7_x64

8

8e6f24e4cb...c2.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    66s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    20-04-2022 02:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8e6f24e4cb48f7ed08b9796061dd09dd5fcefd7804c7b102a5d0f88c85938bc2.exe

  • Size

    921KB

  • MD5

    40f39933c67ea2045c887db44e9ba666

  • SHA1

    611422b9d996fe8e6070fd107412cb61efbef483

  • SHA256

    8e6f24e4cb48f7ed08b9796061dd09dd5fcefd7804c7b102a5d0f88c85938bc2

  • SHA512

    363cd33c4ed51d8d8aa89c506f7392ec921479a2a3a010af1c48917e82be5166c9c09ba817aad417dff7e62e17ceef9d173899ff0c706ff18e3e3e10b74c26bc

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e6f24e4cb48f7ed08b9796061dd09dd5fcefd7804c7b102a5d0f88c85938bc2.exe
    "C:\Users\Admin\AppData\Local\Temp\8e6f24e4cb48f7ed08b9796061dd09dd5fcefd7804c7b102a5d0f88c85938bc2.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Users\Admin\AppData\Local\Temp\RegAsm.exe
      "C:\Users\Admin\AppData\Local\Temp\RegAsm.exe"
      2⤵
      • Executes dropped EXE
      PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\RegAsm.exe
    Filesize

    63KB

    MD5

    b58b926c3574d28d5b7fdd2ca3ec30d5

    SHA1

    d260c4ffd603a9cfc057fcb83d678b1cecdf86f9

    SHA256

    6e70b56d748c4ccab13cc8a055d3795ea0dd95fe3b70568d7d3ac0c6621140a3

    SHA512

    b13cb998822b716b695013bcd6dec62a2290567d0d1743b2d982ca084235cf69c6ea1fc91c9d4e62657c6f9e102c7c60e81296ab055ffe43b887c5f8ec8958ab

    Download Submit
  • \Users\Admin\AppData\Local\Temp\RegAsm.exe
    Filesize

    63KB

    MD5

    b58b926c3574d28d5b7fdd2ca3ec30d5

    SHA1

    d260c4ffd603a9cfc057fcb83d678b1cecdf86f9

    SHA256

    6e70b56d748c4ccab13cc8a055d3795ea0dd95fe3b70568d7d3ac0c6621140a3

    SHA512

    b13cb998822b716b695013bcd6dec62a2290567d0d1743b2d982ca084235cf69c6ea1fc91c9d4e62657c6f9e102c7c60e81296ab055ffe43b887c5f8ec8958ab

    Download Submit
  • \Users\Admin\AppData\Local\Temp\b35bc50e-fc56-4239-a7d0-bb79118b31c9\AgileDotNetRT.dll
    Filesize

    94KB

    MD5

    14ff402962ad21b78ae0b4c43cd1f194

    SHA1

    f8a510eb26666e875a5bdd1cadad40602763ad72

    SHA256

    fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b

    SHA512

    daa7a08bf3709119a944bce28f6ebdd24e54a22b18cd9f86a87873e958df121a3881dcdd5e162f6b4e543238c7aef20f657c9830df01d4c79290f7c9a4fcc54b

    Download Submit
  • memory/1724-60-0x0000000000090000-0x0000000000186000-memory.dmp
    Filesize

    984KB

    Download
  • memory/1724-61-0x0000000000090000-0x0000000000186000-memory.dmp
    Filesize

    984KB

    Download
  • memory/1724-63-0x0000000000090000-0x0000000000186000-memory.dmp
    Filesize

    984KB

    Download
  • memory/1724-65-0x00000000004F4AE0-mapping.dmp
    Download
  • memory/2016-54-0x0000000001290000-0x000000000137C000-memory.dmp
    Filesize

    944KB

    Download
  • memory/2016-55-0x0000000000A50000-0x0000000000A7A000-memory.dmp
    Filesize

    168KB

    Download
  • memory/2016-56-0x0000000000B20000-0x0000000000B3C000-memory.dmp
    Filesize

    112KB

    Download
  • memory/2016-58-0x0000000075560000-0x00000000755E0000-memory.dmp
    Filesize

    512KB

    Download