Overview

overview

8

Static

static

f6da2cd432...9b.exe

windows7-x64

8

f6da2cd432...9b.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    20/10/2022, 04:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    f6da2cd4321a9b0471d76ca3f947b7112a09b974ed333cf09b91687e043ef09b.exe

  • Size

    574KB

  • MD5

    4c4715773f8bc6215d0335248d3a36d0

  • SHA1

    05d04b71865262a054a848488167f6a510dde170

  • SHA256

    f6da2cd4321a9b0471d76ca3f947b7112a09b974ed333cf09b91687e043ef09b

  • SHA512

    252acfc180e770a05f305393f1fb0e24f2d1526f100c004368f4b01ade854d6aae7d4271a4d7a6cb3df44932de46ef79c90399a722d0a537b4da2b1f2eeb8f63

  • SSDEEP

    12288:3vpkka7BjivXBe0NEieYOdp1aeHW6pZHCLtkZ5Es24vem8QMSRp:3vSka7oHLeYO3vRZHkt6243x

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 10 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f6da2cd4321a9b0471d76ca3f947b7112a09b974ed333cf09b91687e043ef09b.exe
    "C:\Users\Admin\AppData\Local\Temp\f6da2cd4321a9b0471d76ca3f947b7112a09b974ed333cf09b91687e043ef09b.exe"
    1⤵
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1308
    • C:\Users\Admin\AppData\Local\Temp\f6da2cd4321a9b0471d76ca3f947b7112a09b974ed333cf09b91687e043ef09b.exe
      "C:\Users\Admin\AppData\Local\Temp\f6da2cd4321a9b0471d76ca3f947b7112a09b974ed333cf09b91687e043ef09b.exe" /_ShowProgress
      2⤵
        PID:764

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/764-71-0x0000000001D40000-0x0000000001E70000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/764-69-0x0000000001D40000-0x0000000001E70000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/764-70-0x0000000001D40000-0x0000000001E70000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/764-66-0x0000000001D40000-0x0000000001E70000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1308-58-0x0000000001DA0000-0x0000000001ED0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1308-62-0x0000000001DA0000-0x0000000001ED0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1308-63-0x0000000001DA0000-0x0000000001ED0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1308-61-0x0000000000420000-0x00000000004B0000-memory.dmp

            Filesize

            576KB

            Download

          • memory/1308-60-0x0000000000400000-0x0000000000414000-memory.dmp

            Filesize

            80KB

            Download

          • memory/1308-54-0x0000000074DA1000-0x0000000074DA3000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1308-59-0x0000000001DA0000-0x0000000001ED0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1308-55-0x0000000001DA0000-0x0000000001ED0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1308-73-0x0000000001DA0000-0x0000000001ED0000-memory.dmp

            Filesize

            1.2MB

            Download