a9fd45c496b410a7d3144f71fc4ed9091f8963ab9fe489bd8c71185cf6b1bb88

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 21:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a9fd45c496b410a7d3144f71fc4ed9091f8963ab9fe489bd8c71185cf6b1bb88.exe
Size

30KB
MD5

901ec5d3992851a161011fb8f6029830
SHA1

b6e0f3cb88bbc3ffd757be9d31d8f04429e96bed
SHA256

a9fd45c496b410a7d3144f71fc4ed9091f8963ab9fe489bd8c71185cf6b1bb88
SHA512

f8d5abf4e4ba1bf7179af85b02e121cd25600f60911c1e0255d2103f8542bc01d1985d21155657d139808fc2327392c9cb59933adf5763759366af0bc9306a71
SSDEEP

384:FZcpzCIqdG3A3WUkx38GZDJuJbf1+o44u8gHzUbJigK8OP5e54faEyQ5n9RXLq9d:SCIqdH/k1ZVcT194jp4bs05gn9Jcnd

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1324-55-0x0000000000800000-0x000000000080D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Traybar = "C:\\Windows\\lsass.exe"	a9fd45c496b410a7d3144f71fc4ed9091f8963ab9fe489bd8c71185cf6b1bb88.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\lsass.exe	a9fd45c496b410a7d3144f71fc4ed9091f8963ab9fe489bd8c71185cf6b1bb88.exe
File created	C:\Windows\lsass.exe	a9fd45c496b410a7d3144f71fc4ed9091f8963ab9fe489bd8c71185cf6b1bb88.exe

C:\Users\Admin\AppData\Local\Temp\a9fd45c496b410a7d3144f71fc4ed9091f8963ab9fe489bd8c71185cf6b1bb88.exe
"C:\Users\Admin\AppData\Local\Temp\a9fd45c496b410a7d3144f71fc4ed9091f8963ab9fe489bd8c71185cf6b1bb88.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:1324

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1324-54-0x00000000752B1000-0x00000000752B3000-memory.dmp

Filesize
8KB

Download
memory/1324-55-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download