Overview

overview

9

Static

static

419782520a...32.exe

windows7-x64

9

419782520a...32.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    147s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/10/2022, 23:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    419782520a94211bf97a7c71300a8c0db63a12f16abf23d566b38276d8853932.exe

  • Size

    100KB

  • MD5

    45f366ca8b7ef2826b07d22bc14f0090

  • SHA1

    08b6b7c2e7623e815e5d84b3c5eb172793f4663f

  • SHA256

    419782520a94211bf97a7c71300a8c0db63a12f16abf23d566b38276d8853932

  • SHA512

    5f28acf92e52ad8bb81ef63ee66435cc4ed859122994e5a7b6a5fc61f5d6989536d3f284b4f625e3da54bdbf2ffb4c20e0cff0071fdd3e4679befa2b29e43184

  • SSDEEP

    1536:Y/TRnqsoLb7u5IhGm0sruYTspLbAkoppq/IUxliHdm:WTRVoL3u52Gm0quhdippef

Score
9/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\419782520a94211bf97a7c71300a8c0db63a12f16abf23d566b38276d8853932.exe
    "C:\Users\Admin\AppData\Local\Temp\419782520a94211bf97a7c71300a8c0db63a12f16abf23d566b38276d8853932.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4752

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Common Files\System\symsrv.dll
    Filesize

    65KB

    MD5

    866a64ede2ff589f2c06127afb1a46a9

    SHA1

    b1571f1029c8d07cfa0032fc3db742e60ebd9e54

    SHA256

    dc6e293c583ba5e2864a2d312f3f8de9dfc4b503216821db1db4e2929a8f25d5

    SHA512

    c9316dbe29f9d2180b3bf9ecb0d0711dc7fb443c4947fe6362ddef02d62f8143bdea2855a34d05e6a473d4d2e05cd40d5d4c10491a444d3c34ff21bf6b7dc4af

    Download Submit

  • memory/4752-134-0x0000000000400000-0x0000000000407000-memory.dmp

    Filesize

    28KB

    Download

  • memory/4752-133-0x0000000010000000-0x000000001002E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4752-135-0x0000000010000000-0x000000001002E000-memory.dmp

    Filesize

    184KB

    Download