Overview

overview

8

Static

static

8

84e54009ec...ac.exe

windows7-x64

8

84e54009ec...ac.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    137s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-10-2022 06:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    84e54009ec410c9f9298e92c0372b4a6e34e06ac7ce4f53f33943dd7badcf8ac.exe

  • Size

    37KB

  • MD5

    778951dcd52df9b0dce208446e71f670

  • SHA1

    8200d8fc8e51343021d9be03b042750f77a8393f

  • SHA256

    84e54009ec410c9f9298e92c0372b4a6e34e06ac7ce4f53f33943dd7badcf8ac

  • SHA512

    ccd35e945017dff13e1538dc5cddc085d3aba394247ecec5869fafb161a28ade27a71bfa0bf380a954d082372056d1a235a8634816fe57624dc931d3bce2fd4a

  • SSDEEP

    768:a7p0s84jahW/1zNGfK6T29Ciqa3ChpWWulWhlWjdXKn7ObCmLReS2YqhjqH/ySNX:at0fg/yK6q9Aa3ChE1jdXeObDLISI2HL

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\84e54009ec410c9f9298e92c0372b4a6e34e06ac7ce4f53f33943dd7badcf8ac.exe
    "C:\Users\Admin\AppData\Local\Temp\84e54009ec410c9f9298e92c0372b4a6e34e06ac7ce4f53f33943dd7badcf8ac.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    PID:5040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Common Files\microsoft shared\MSInfo\atmQQ2.dll
    Filesize

    21KB

    MD5

    58a1b860aa52425d34eb01a94a1275aa

    SHA1

    05a5972c4fc446b1b9d3d1b85c95fd961bc6dc1e

    SHA256

    5e295435c66777c36f1613613798d45c9f264321bb85a26034c65a321d26c6f0

    SHA512

    cb06693550957e1cdc946f66071474d809ac3585dc38cb27f331da451498580690854ab3c350e866c11a9a6d71e43988a9151a63e317c19116bd5fe6d7bdef11

    Download Submit

  • C:\Program Files\Common Files\microsoft shared\MSInfo\atmQQ2.dll
    Filesize

    21KB

    MD5

    58a1b860aa52425d34eb01a94a1275aa

    SHA1

    05a5972c4fc446b1b9d3d1b85c95fd961bc6dc1e

    SHA256

    5e295435c66777c36f1613613798d45c9f264321bb85a26034c65a321d26c6f0

    SHA512

    cb06693550957e1cdc946f66071474d809ac3585dc38cb27f331da451498580690854ab3c350e866c11a9a6d71e43988a9151a63e317c19116bd5fe6d7bdef11

    Download Submit

  • memory/5040-134-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/5040-135-0x0000000000590000-0x00000000005AB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/5040-136-0x0000000000590000-0x00000000005AB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/5040-137-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/5040-138-0x0000000000590000-0x00000000005AB000-memory.dmp

    Filesize

    108KB

    Download