Analysis

  • max time kernel
    44s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags
    arch:x64
    arch:x86
    image:win7-20220901-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    19/09/2022, 17:00

General

  • Target

    c61db59e52fbfce2d8532d4b0128fd3c2436acf7e88283f85302f208e69024b9.exe

  • Size

    26KB

  • MD5

    15e44d585c8775f14ff49d3f43669869

  • SHA1

    d8c3284b92e2c67e0d8d2de0af1ae3e564e312ff

  • SHA256

    c61db59e52fbfce2d8532d4b0128fd3c2436acf7e88283f85302f208e69024b9

  • SHA512

    a495908bc875f9bd9adaa48eeea7b10f75a41328f1460ebd0d5f4f8c9499e4ac01316f2b61e097a120b0923d58e843c3b0a336045a350fc9a916cdd4ff55af64

  • SSDEEP

    768:J1NAUsbxtT6sFst/3IrdlLUwknbcuyD7UVC:J1NAUwtT6sFstwrbUBnouy8

Score
8/10
upx

Malware Config

Signatures

  • Drops file in Drivers directory 3 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 16 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs
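The "UPX packed file" signature above fires on the stock traits of the open-source UPX packer. The following is an added example, not the sandbox's own rule logic, of what such a check looks like in plain Python: it walks the DOS header, PE signature and COFF header to reach the section table, then looks for UPX-named sections and the "UPX!" marker the stub leaves behind. The PE-shaped blobs it runs on are constructed in the code (headers only, not executables) and are not the sample from this report; the 0x400000-0x413000 region (76KB) dumped from PID 1492 being larger than the 26KB file on disk is consistent with a packer unpacking into its own image at runtime, but nothing here proves that.

```python
"""Added example: UPX packing indicators in a PE, without third-party libraries.
Not the sandbox's signature; a minimal re-creation of the usual checks."""
import struct
from dataclasses import dataclass, field
from typing import List

COFF_HEADER_SIZE = 20       # IMAGE_FILE_HEADER
SECTION_HEADER_SIZE = 40    # IMAGE_SECTION_HEADER


@dataclass
class PeSummary:
    section_names: List[str] = field(default_factory=list)
    upx_sections: List[str] = field(default_factory=list)
    has_upx_marker: bool = False

    @property
    def looks_upx_packed(self) -> bool:
        # Stock section names (UPX0/UPX1/UPX2) or the "UPX!" marker. A modified
        # UPX build can rename sections and strip the marker, so a miss here is
        # not evidence of a clean file; entropy of the sections is the next check.
        return bool(self.upx_sections) or self.has_upx_marker


def parse_pe_sections(data: bytes) -> PeSummary:
    """DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)   # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)      # SizeOfOptionalHeader
    table = coff + COFF_HEADER_SIZE + opt_size
    summary = PeSummary()
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        raw_name = data[off:off + 8]
        if len(raw_name) < 8:
            raise ValueError("truncated section table")
        name = raw_name.split(b"\0", 1)[0].decode("latin-1")
        summary.section_names.append(name)
        if name.upper().startswith("UPX"):
            summary.upx_sections.append(name)
    summary.has_upx_marker = b"UPX!" in data
    return summary


def build_sample_pe(section_names: List[str], marker: bool) -> bytes:
    """Constructed PE-shaped blob (headers only, not runnable) to exercise the
    parser offline. This is NOT the sample from the report."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 0xE0  # size of IMAGE_OPTIONAL_HEADER32
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    optional = bytearray(opt_size)
    struct.pack_into("<H", optional, 0, 0x10B)  # PE32 magic
    sections = b"".join(n.encode("latin-1").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional) + sections + (b"UPX!" if marker else b"")


UPX_SAMPLE = build_sample_pe(["UPX0", "UPX1", ".rsrc"], marker=True)
CLEAN_SAMPLE = build_sample_pe([".text", ".rdata", ".data"], marker=False)

if __name__ == "__main__":
    for label, blob in (("constructed UPX-like", UPX_SAMPLE), ("constructed plain", CLEAN_SAMPLE)):
        s = parse_pe_sections(blob)
        print(label, s.section_names, "packed:", s.looks_upx_packed)
```

Run it against a real file with `parse_pe_sections(open(path, "rb").read())`; the parser only touches header fields, so it does not care whether the file is x86 or x64 (the optional-header size is read rather than assumed).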

Processes

  • C:\Users\Admin\AppData\Local\Temp\c61db59e52fbfce2d8532d4b0128fd3c2436acf7e88283f85302f208e69024b9.exe
    "C:\Users\Admin\AppData\Local\Temp\c61db59e52fbfce2d8532d4b0128fd3c2436acf7e88283f85302f208e69024b9.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1492
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\DE6.tmp\troy_bez_mail.bat""
      2⤵
      • Drops file in Drivers directory
      • Suspicious use of WriteProcessMemory
      PID:1152
      • C:\Windows\notepad.exe
        C:\Windows\notepad.exe
        3⤵
          PID:1684
        • C:\Windows\SysWOW64\attrib.exe
          attrib -h -s "C:\Windows\system32\drivers\etc\hosts"
          3⤵
          • Views/modifies file attributes
          PID:1388
        • C:\Windows\SysWOW64\attrib.exe
          attrib +h +s "C:\Windows\system32\drivers\etc\hosts"
          3⤵
          • Views/modifies file attributes
          PID:284
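The tree above shows the dropped batch file clearing the hidden and system attributes on the hosts file (PID 1388) and then restoring them (PID 284), both under the same cmd.exe parent. The report records the attribute toggle, not what, if anything, was written to the file in between. As an added example, not the sandbox's rule logic, the following runs that detection over process-creation events of the kind Sysmon event 1 or Security event 4688 provide. The event list is constructed from the process tree on this page (same images, PIDs and command lines; parent links follow the tree's depth markers); the parent PID of the root process is not on the page and is an assumed value.

```python
"""Added example: flag the clear-then-restore of attributes on the hosts file,
plus a batch script launched from the user's Temp directory, from
process-creation events. Not the sandbox's own signature logic."""
import re
from dataclasses import dataclass
from typing import Dict, List

SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\c61db59e52fbfce2d8532d4b0128fd3c2436acf7e88283f85302f208e69024b9.exe"


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


@dataclass(frozen=True)
class Finding:
    pid: int
    rule: str


# Constructed from the process tree in the report. The root's parent PID (1000)
# is not on the page and is assumed; everything else is as shown there.
EVENTS = [
    ProcEvent(1492, 1000, SAMPLE_EXE, f'"{SAMPLE_EXE}"'),
    ProcEvent(1152, 1492, r"C:\Windows\SysWOW64\cmd.exe",
              r'cmd /c ""C:\Users\Admin\AppData\Local\Temp\DE6.tmp\troy_bez_mail.bat""'),
    ProcEvent(1684, 1152, r"C:\Windows\notepad.exe", r"C:\Windows\notepad.exe"),
    ProcEvent(1388, 1152, r"C:\Windows\SysWOW64\attrib.exe",
              r'attrib -h -s "C:\Windows\system32\drivers\etc\hosts"'),
    ProcEvent(284, 1152, r"C:\Windows\SysWOW64\attrib.exe",
              r'attrib +h +s "C:\Windows\system32\drivers\etc\hosts"'),
]

HOSTS_RE = re.compile(r"\\drivers\\etc\\hosts\b", re.I)
CLEAR_RE = re.compile(r"(?=.*\s-h\b)(?=.*\s-s\b)", re.I)    # both -h and -s present
SET_RE = re.compile(r"(?=.*\s\+h\b)(?=.*\s\+s\b)", re.I)    # both +h and +s present
TEMP_BAT_RE = re.compile(r"\\AppData\\Local\\Temp\\.*\.(bat|cmd)\b", re.I)


def analyze(events: List[ProcEvent]) -> List[Finding]:
    """Return findings in event order; the sequence rule fires on the parent."""
    findings: List[Finding] = []
    cleared_under: Dict[int, int] = {}  # parent pid -> pid that cleared hosts attributes
    for e in events:
        image = e.image.lower()
        if image.endswith("\\cmd.exe") and TEMP_BAT_RE.search(e.cmdline):
            findings.append(Finding(e.pid, "cmd_runs_temp_bat"))
        if image.endswith("\\attrib.exe") and HOSTS_RE.search(e.cmdline):
            if CLEAR_RE.search(e.cmdline):
                cleared_under[e.ppid] = e.pid
                findings.append(Finding(e.pid, "hosts_attrib_cleared"))
            elif SET_RE.search(e.cmdline):
                findings.append(Finding(e.pid, "hosts_attrib_restored"))
                if e.ppid in cleared_under:
                    # Same parent cleared, then restored: the usual wrapper around
                    # an edit of the hosts file. Escalate on the parent process.
                    findings.append(Finding(e.ppid, "hosts_attrib_clear_restore_sequence"))
    return findings


if __name__ == "__main__":
    for f in analyze(EVENTS):
        print(f"pid {f.pid}: {f.rule}")
```

The attribute toggle is the observable the report gives; on a real host, pair the alert with a diff of `drivers\etc\hosts` against a known-good copy, since the write itself does not appear in a process tree.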

Network

MITRE ATT&CK Enterprise v6

Downloads

          • C:\Users\Admin\AppData\Local\Temp\DE6.tmp\troy_bez_mail.bat

            Filesize

            7KB

            MD5

            55d56d84d4b7c4ff2315e34e607437f6

            SHA1

            fd77ddfe96d39110dbb11b4e42d3c11e9e3ecac6

            SHA256

            788bbb0ab94bd16e74e914b7c9f2e0b170b66be6d39a0d81e1cc5a099b92215b

            SHA512

            c9f855233e8082d5aee7ceed41c3b911d3cfe85214ac02b99c48c64d27e47e5bd0ffd83acbb0d6f573381009aa9cad222ddb731d02a2605f42c15b16c4b7623f

          • memory/1492-54-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

            Filesize

            8KB

          • memory/1492-61-0x0000000000400000-0x0000000000413000-memory.dmp

            Filesize

            76KB

          • memory/1684-58-0x000007FEFC5A1000-0x000007FEFC5A3000-memory.dmp

            Filesize

            8KB