Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-10-2022 09:32

General

  • Target

    e206604784264f4da3135215ffc75f1c61573dad2f58e08982a3e069718ae6ca.exe

  • Size

    28KB

  • MD5

    6d51246cd0e5dafc300d49ab7802a87c

  • SHA1

    ebdb85e66bca041f20ae7a3e47f418ebe308d6c9

  • SHA256

    e206604784264f4da3135215ffc75f1c61573dad2f58e08982a3e069718ae6ca

  • SHA512

    eb540c863d51233f034cb2ee7ebc661e3455b01e079168c0d14554a18ac9da5eec05587b0b3c4a1c77cb9d7bc5f160e459f3d921066a4f8a34a2a41de45fe886

  • SSDEEP

    384:1vxBbK26lj5Id8SpHx9jLhsznnVxA1WmP5w7GGCJlqqwMyNap3C+:Dv8IRRdsxq1DjJcqf9z

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e206604784264f4da3135215ffc75f1c61573dad2f58e08982a3e069718ae6ca.exe
    "C:\Users\Admin\AppData\Local\Temp\e206604784264f4da3135215ffc75f1c61573dad2f58e08982a3e069718ae6ca.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4760
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:3120

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    1KB

    MD5

    464cd9426b5d373d6f96b0ba90819f59

    SHA1

    6c1e81205cd5f6f02928cb862f7e486284568e5a

    SHA256

    12dee3145109829ecb28cc197899cb1153131deb73c4e79a1ecc91a3467b7310

    SHA512

    060ff0781b387dd56dc2e066a9fde68f8f04fed288e3a80f01fa1cc23070305011f90c0faa1d0948bc338f2a68e31d84eaedb925e5b3be6aa48ccf3f4d48c9ff

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    1KB

    MD5

    e3a527d8d69688aa4756eb98debf55ad

    SHA1

    0f3f58e128fc32f2ae84b7d7c86f429fdbe4d52c

    SHA256

    1ef024c6d2fb5ba67961ae13479ad4e27e46146f934667fbda4b0691b798155d

    SHA512

    5562172ec220030e699a217b60cfc35727adb5e7f3a516d9139d7b3745150095977a0f1d75e8dfb37fece46648d813f3ec3066ca131037d3b68d8d5b20b3a77a

  • C:\Windows\services.exe

    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

  • memory/3120-137-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3120-139-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4760-133-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

  • memory/4760-138-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB