Overview

overview

8

Static

static

1ff2fde994...45.exe

windows7-x64

8

1ff2fde994...45.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    151s
  • max time network
    94s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2022, 17:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1ff2fde994cd9791215a0c39e9611caf7b8ec449d2d82b6802ea1b08dd7d6245.exe

  • Size

    144KB

  • MD5

    39b3cdbe592fbfce5b7bca5eb66f009a

  • SHA1

    5445a005346ec9b514c29371cbd18eed660abf14

  • SHA256

    1ff2fde994cd9791215a0c39e9611caf7b8ec449d2d82b6802ea1b08dd7d6245

  • SHA512

    0b0f00a6a5bd9defae9b3bf8882a5563f9411b2ac6ac5f62adda89a7d68613be17efea091d6e8bc64e69b1e6e950b20e4e3e43dcc28d8c84b1959d29310b0394

  • SSDEEP

    3072:quKay2UNgieWnK80r5K8rbTx81JI/21AiXslNko4:quKawsvEKb181DAu

Score
8/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ff2fde994cd9791215a0c39e9611caf7b8ec449d2d82b6802ea1b08dd7d6245.exe
    "C:\Users\Admin\AppData\Local\Temp\1ff2fde994cd9791215a0c39e9611caf7b8ec449d2d82b6802ea1b08dd7d6245.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:1940
    • C:\Windows\msa.exe
      C:\Windows\msa.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1064

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
    Filesize

    408B

    MD5

    dbf6e2ee7c18bc16513140e4052c0795

    SHA1

    879f3553346ac6d7526727b4e8d666694ed1ee68

    SHA256

    8941661bc2bbb7b830574df81cdfbae1111e658dc8b715fae9eb1d10a091ea0f

    SHA512

    b46869314670188f731f4b70f496e644e37afea7227c5365e885d47c97ecf62f743a29fc96484c63e8ca9b241f8bf83396f207c43080843cf66baf805906fcfb

    Download Submit

  • C:\Windows\msa.exe
    Filesize

    144KB

    MD5

    39b3cdbe592fbfce5b7bca5eb66f009a

    SHA1

    5445a005346ec9b514c29371cbd18eed660abf14

    SHA256

    1ff2fde994cd9791215a0c39e9611caf7b8ec449d2d82b6802ea1b08dd7d6245

    SHA512

    0b0f00a6a5bd9defae9b3bf8882a5563f9411b2ac6ac5f62adda89a7d68613be17efea091d6e8bc64e69b1e6e950b20e4e3e43dcc28d8c84b1959d29310b0394

    Download Submit

  • C:\Windows\msa.exe
    Filesize

    144KB

    MD5

    39b3cdbe592fbfce5b7bca5eb66f009a

    SHA1

    5445a005346ec9b514c29371cbd18eed660abf14

    SHA256

    1ff2fde994cd9791215a0c39e9611caf7b8ec449d2d82b6802ea1b08dd7d6245

    SHA512

    0b0f00a6a5bd9defae9b3bf8882a5563f9411b2ac6ac5f62adda89a7d68613be17efea091d6e8bc64e69b1e6e950b20e4e3e43dcc28d8c84b1959d29310b0394

    Download Submit

  • memory/1064-60-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/1064-64-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/1940-54-0x00000000753C1000-0x00000000753C3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1940-55-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/1940-62-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/1940-63-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download