5fcd9bc3c1ede21e66032dc69b91341dc5cb7eee7c8157506210aada55f7ca00

Analysis

max time kernel
152s
max time network
156s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5fcd9bc3c1ede21e66032dc69b91341dc5cb7eee7c8157506210aada55f7ca00.exe
Size

637KB
MD5

7cf807f52e0a53f2f5c19fa75fcefd35
SHA1

547e7637c2d25bfd95a36da46e84c84854e42fe4
SHA256

5fcd9bc3c1ede21e66032dc69b91341dc5cb7eee7c8157506210aada55f7ca00
SHA512

dab6a2d3c1194ac5e6b43c3637f48b01a62669f5c58aa3de743aa83e9f981e8dc56436264939d595559a883284d6d843a994c622157eae7b78e506197299ace9
SSDEEP

12288:Clr3S+OKwaMbLrkonqFQ3pY/puio80Nuw2iWgh2XHcEGdnA1dCIJP45aZ0G8p:XaMQonq6BV3Nuw2oh2XHuAiaP2zx

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1184-55-0x0000000000400000-0x00000000005C4000-memory.dmp	upx
behavioral1/memory/1184-57-0x0000000000400000-0x00000000005C4000-memory.dmp	upx
behavioral1/memory/1184-58-0x0000000000400000-0x00000000005C4000-memory.dmp	upx
behavioral1/memory/1184-59-0x0000000000400000-0x00000000005C4000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	5fcd9bc3c1ede21e66032dc69b91341dc5cb7eee7c8157506210aada55f7ca00.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SmartIndex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5fcd9bc3c1ede21e66032dc69b91341dc5cb7eee7c8157506210aada55f7ca00.exe"	5fcd9bc3c1ede21e66032dc69b91341dc5cb7eee7c8157506210aada55f7ca00.exe

C:\Users\Admin\AppData\Local\Temp\5fcd9bc3c1ede21e66032dc69b91341dc5cb7eee7c8157506210aada55f7ca00.exe
"C:\Users\Admin\AppData\Local\Temp\5fcd9bc3c1ede21e66032dc69b91341dc5cb7eee7c8157506210aada55f7ca00.exe"
1⤵
- Adds Run key to start application
PID:1184

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1184-54-0x0000000074BB1000-0x0000000074BB3000-memory.dmp

Filesize
8KB

Download
memory/1184-55-0x0000000000400000-0x00000000005C4000-memory.dmp

Filesize
1.8MB

Download
memory/1184-57-0x0000000000400000-0x00000000005C4000-memory.dmp

Filesize
1.8MB

Download
memory/1184-58-0x0000000000400000-0x00000000005C4000-memory.dmp

Filesize
1.8MB

Download
memory/1184-59-0x0000000000400000-0x00000000005C4000-memory.dmp

Filesize
1.8MB

Download