Overview

overview

8

Static

static

8

381c77c4b8...45.exe

windows7_x64

8

381c77c4b8...45.exe

windows10-2004_x64

8

Analysis

  • max time kernel
    151s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    05-07-2022 10:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    381c77c4b8a22e085cd638ac223e4eba2102ad818c9411899b89e526b189e745.exe

  • Size

    7.1MB

  • MD5

    0fcf5fcab5dcc08452a3ac9a2fee1a80

  • SHA1

    3d3d919d781c56c9d7fa75b10f02e09222916161

  • SHA256

    381c77c4b8a22e085cd638ac223e4eba2102ad818c9411899b89e526b189e745

  • SHA512

    05d8f44f1808d253499651bc54ece78410c7434d7d7a7d18abf5ceb686fb5c99d6b38d6969991cb34ba089836c119e51bae757505f1c158e237709cf28e7f8c6

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 62 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\381c77c4b8a22e085cd638ac223e4eba2102ad818c9411899b89e526b189e745.exe
    "C:\Users\Admin\AppData\Local\Temp\381c77c4b8a22e085cd638ac223e4eba2102ad818c9411899b89e526b189e745.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3132
    • C:\Users\Admin\AppData\Local\Temp\¼«ÏÂÅäÖÃ\jxaria2c.exe
      --conf-path="C:\Users\Admin\AppData\Local\Temp\¼«ÏÂÅäÖÃ\aria2.conf" --save-session="C:\Users\Admin\AppData\Local\Temp\¼«ÏÂÅäÖÃ\aria2.session" --input-file="C:\Users\Admin\AppData\Local\Temp\¼«ÏÂÅäÖÃ\aria2.session" --rpc-listen-port=6828 --enable-rpc=true --rpc-allow-origin-all=true --disable-ipv6=false --rpc-secret=123
      2⤵
      • Executes dropped EXE
      PID:3864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\E_N60005\eAPI.fne
    Filesize

    308KB

    MD5

    7c1ff88991f5eafab82b1beaefc33a42

    SHA1

    5ea338434c4c070aaf4e4e3952b4b08b551267bc

    SHA256

    53483523c316ad8c022c2b07a5cabfff3339bc5cb5e4ac24c3260eea4f4d9731

    SHA512

    310c90c82b545160420375c940b4d6176400e977f74048bfe2e0d0784bc167b361dc7aac149b8379f6e24050a253f321a6606295414ea9b68a563d59d0d17a48

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\E_N60005\eAPI.fne
    Filesize

    308KB

    MD5

    7c1ff88991f5eafab82b1beaefc33a42

    SHA1

    5ea338434c4c070aaf4e4e3952b4b08b551267bc

    SHA256

    53483523c316ad8c022c2b07a5cabfff3339bc5cb5e4ac24c3260eea4f4d9731

    SHA512

    310c90c82b545160420375c940b4d6176400e977f74048bfe2e0d0784bc167b361dc7aac149b8379f6e24050a253f321a6606295414ea9b68a563d59d0d17a48

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\E_N60005\iext.fnr
    Filesize

    204KB

    MD5

    856495a1605bfc7f62086d482b502c6f

    SHA1

    86ecc67a784bc69157d664850d489aab64f5f912

    SHA256

    8c8254cb49f7287b97c7f952c81edabc9f11f3fa3f02f265e67d5741998cf0bf

    SHA512

    35a6e580cd362c64f1e1f9c3439660bd980ec437bd8cabbdc49479ceb833cd8cb6c82d2fb747516d5cfcf2af0ba540bc01640171fbe3b4d0e0a3eeeaa69dd1d9

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\E_N60005\iext.fnr
    Filesize

    204KB

    MD5

    856495a1605bfc7f62086d482b502c6f

    SHA1

    86ecc67a784bc69157d664850d489aab64f5f912

    SHA256

    8c8254cb49f7287b97c7f952c81edabc9f11f3fa3f02f265e67d5741998cf0bf

    SHA512

    35a6e580cd362c64f1e1f9c3439660bd980ec437bd8cabbdc49479ceb833cd8cb6c82d2fb747516d5cfcf2af0ba540bc01640171fbe3b4d0e0a3eeeaa69dd1d9

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\E_N60005\krnln.fnr
    Filesize

    1.2MB

    MD5

    a6a397b67ebac717e7ec095bf9b597ee

    SHA1

    80c7459654f3564c0cb74a47398d48e0f02cb82f

    SHA256

    847fbe068ff90112d9b76c04587439ee3a3866d8c60466bb4673491d94ddfd89

    SHA512

    0eb5528a4aad4458feddbefb5347d0e2cd84d6240a341ccc425d6ed98d15d8588d8635f21d30af389a2af5ac9537bea56a1d97530ac90e965989e296f1c5d8c8

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\¼«ÏÂÅäÖÃ\aria2.conf
    Filesize

    1KB

    MD5

    2febae8df80dde2ef06953ad260c032c

    SHA1

    65bca42c2c7e85607d0983c14b4c2c31c7f81307

    SHA256

    068a724df1d1074501152f65004c9ceb5527096b642cbbb49bad262243749baa

    SHA512

    2eec8fb15d4a5f71338fad12f8cf21877b358086775e7ebe98e3ad44ecad1977cd47d6ebd76910d7fa739a0accebc8eadb25ff9091b689738f688f81eaca2987

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\¼«ÏÂÅäÖÃ\jxaria2c.exe
    Filesize

    4.9MB

    MD5

    79f67a80d4228bf8b571529d7eb2cee2

    SHA1

    269a9e74c7f11f57f23143be3143251b36a9269c

    SHA256

    d205dbbf0fbe75443c62e24306c7dab4da19751233d5fdcbf530f82216a70deb

    SHA512

    e7c6ac6f4b5f5c1e9774394f5e96fa684c57d65242082a58752ee6809b5d261da6e2739ecc440e2d60f1f4cfcc4d8cbb2d10973aea66a963405a3ec575ab7ab7

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\¼«ÏÂÅäÖÃ\jxaria2c.exe
    Filesize

    4.9MB

    MD5

    79f67a80d4228bf8b571529d7eb2cee2

    SHA1

    269a9e74c7f11f57f23143be3143251b36a9269c

    SHA256

    d205dbbf0fbe75443c62e24306c7dab4da19751233d5fdcbf530f82216a70deb

    SHA512

    e7c6ac6f4b5f5c1e9774394f5e96fa684c57d65242082a58752ee6809b5d261da6e2739ecc440e2d60f1f4cfcc4d8cbb2d10973aea66a963405a3ec575ab7ab7

    Download Submit
  • memory/3132-133-0x0000000003360000-0x00000000033A1000-memory.dmp
    Filesize

    260KB

    Download
  • memory/3132-135-0x0000000000400000-0x0000000000F68000-memory.dmp
    Filesize

    11.4MB

    Download
  • memory/3132-138-0x0000000004250000-0x00000000042AD000-memory.dmp
    Filesize

    372KB

    Download
  • memory/3864-140-0x0000000000000000-mapping.dmp
    Download