Analysis

  • max time kernel
    174s
  • max time network
    189s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02-10-2022 14:49

General

  • Target

    9a7c3233451a6c4aaeabc04cd4f05d9bf402f503b5dffa795b4bd8a01d57ef9a.exe

  • Size

    28KB

  • MD5

    702efc3d2ba9c2577c9982c699ab4952

  • SHA1

    cea45d4b1fb0018f3f6d502aa6482d8901a8b240

  • SHA256

    9a7c3233451a6c4aaeabc04cd4f05d9bf402f503b5dffa795b4bd8a01d57ef9a

  • SHA512

    b516309a41443ed50bc32075a45ec0d1df8ff12926d223efb84ed93406d45bb495176d6e3c81b5b3ca7dd47f4ee1f5c8b1d2bb13aa1c85380a0a3516a9ca55d2

  • SSDEEP

    384:1vxBbK26lj5Id8SpHx9jLhsznnVxA1WmP5w7GGCJlqqwMyNbRsP:Dv8IRRdsxq1DjJcqfQi

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9a7c3233451a6c4aaeabc04cd4f05d9bf402f503b5dffa795b4bd8a01d57ef9a.exe
    "C:\Users\Admin\AppData\Local\Temp\9a7c3233451a6c4aaeabc04cd4f05d9bf402f503b5dffa795b4bd8a01d57ef9a.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4336
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:1992

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize: 1KB
    MD5: 397a3f0ac748bbaf7b5cfe6edb04370a
    SHA1: 34f78550f4ab09162aff9d33713c7d3ab5b81981
    SHA256: 7b0ede7ed54c68f4e5af4cc254a45d26ea906e2719039ed45e2c7ff7be3a4c69
    SHA512: 0fd9decddbe9a8d10f33f925ebd9aa4a98d73125140c33b398c3c20df6a5b48fae168ef6593e83eac218f2a264fd14c4ab2f3c0f0abebad83551ab4e6e43c50d

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize: 1KB
    MD5: ea63fe395e6b0a4b1950553086ba4f70
    SHA1: b99ed8c2a8ec925f4ec3e7fbcd6a9cbffc6c5f0c
    SHA256: 9caafd602dbeb35471b371802ca201aa43e122c1990c4fac84e00aee8b181e77
    SHA512: e32f9f3f65b8129f514ae6fc525f9e829cb9d937318410d9cfc2899a7bd1a8462de8656f0aeb5100dce9c1ad7921189ac65b7d7d6448b15e5bfdad8a70abdfae

  • C:\Windows\services.exe

    Filesize: 8KB
    MD5: b0fe74719b1b647e2056641931907f4a
    SHA1: e858c206d2d1542a79936cb00d85da853bfc95e2
    SHA256: bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
    SHA512: 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

  • memory/1992-132-0x0000000000000000-mapping.dmp

  • memory/1992-137-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize: 32KB

  • memory/1992-138-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize: 32KB

  • memory/4336-136-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize: 64KB