Analysis

  • max time kernel
    152s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-10-2022 10:00

General

  • Target

    722709fa038a961b2b71cd79ac883b40fe118ba18667b32177530bd73db7b82e.exe

  • Size

    172KB

  • MD5

    a0314c6fd8d462ec04cc6e5a3fed3220

  • SHA1

    86863b7a7f2f8f81df04845d70f713628381f3fc

  • SHA256

    722709fa038a961b2b71cd79ac883b40fe118ba18667b32177530bd73db7b82e

  • SHA512

    2cdf4955e72f40a742455a89d5fd7afdd0474dade197dc3d48ea261bb4a2bb591fff119c4fca1356254693ebe5692baa1e57446b0b48c1eb66aa23a584bf071a

  • SSDEEP

    3072:IyrN/sVywaEj1UsEOBYJwyrN/sVywaEj1UsbArsnhmBGVslFmbL+wcjte8Gy:Nh9wv1Ut3nh9wv1UsAZy9cZZ9

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Modifies WinLogon 2 TTPs 15 IoCs
  • Drops file in System32 directory 4 IoCs
  • Modifies registry class 38 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\722709fa038a961b2b71cd79ac883b40fe118ba18667b32177530bd73db7b82e.exe
    "C:\Users\Admin\AppData\Local\Temp\722709fa038a961b2b71cd79ac883b40fe118ba18667b32177530bd73db7b82e.exe"
    1⤵
    • Modifies WinLogon
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:1160
  • C:\Windows\SysWOW64\lcss.exe
    C:\Windows\SysWOW64\lcss.exe
    1⤵
    • Executes dropped EXE
    • Modifies WinLogon
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:1756

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Windows\SysWOW64\crypto.dll

    Filesize

    157KB

    MD5

    057aa9ab4deeba87197af302926d148e

    SHA1

    42c821af94cedf6aecb25095ec6336010dbc42ed

    SHA256

    6ba1a952a940b4ec45f8c7bb355a977a76f5cb3e1fb1631cfece121aa0bb2131

    SHA512

    6a355b5da42f503fb4ff5728ad52441eedf2db8161def98b9013b94845413c10cbde1a5dd9e7f3b0470e32b125d23c0cf659c318aa2363501e4a77b4bef87b19

  • C:\Windows\SysWOW64\lcss.exe

    Filesize

    114KB

    MD5

    f29cabf39e5c6520d8635323269ee17d

    SHA1

    5199c9f04f435d0df40383707471155e41d3bdcd

    SHA256

    ed04f20ea8f64a76bbc9118ff0f39234fd661eb0aee5d3e6af61751588c530a2

    SHA512

    08bc4026dfea226d78d431a7a36036706f0915bb11d7aa4f899487fcb0228e468c0024429e83a23d8bce515d1234289c9caeb4c7a8e922610bbd099718864444

  • C:\Windows\SysWOW64\lcss.exe

    Filesize

    114KB

    MD5

    f29cabf39e5c6520d8635323269ee17d

    SHA1

    5199c9f04f435d0df40383707471155e41d3bdcd

    SHA256

    ed04f20ea8f64a76bbc9118ff0f39234fd661eb0aee5d3e6af61751588c530a2

    SHA512

    08bc4026dfea226d78d431a7a36036706f0915bb11d7aa4f899487fcb0228e468c0024429e83a23d8bce515d1234289c9caeb4c7a8e922610bbd099718864444

  • C:\Windows\SysWOW64\net.cpl

    Filesize

    173KB

    MD5

    6f1aec8f7e98fa5e8bf2475abc95a93d

    SHA1

    3a7060439341e48449724ab6f28038664906fc8b

    SHA256

    f9d48b9f87caea39a05438c3dd4db7c84287bdb6e21235701717649c6e8a406f

    SHA512

    e73c6e921080f344d91a65b02989a68d089aba9f5ea4828c8a22d916266e8de10992e9f1b7b7b4c930f4abe2bc1366e3dc8f96c07d4ed323e6d01ab63b5c82de

  • C:\Windows\SysWOW64\wlogon.dll

    Filesize

    113KB

    MD5

    6e4de3bd0cd70c0917e35a2c5be9511f

    SHA1

    51d5c2e9c5e88e571f41348936a402cc6ed28c07

    SHA256

    5d451358f77c0c524d8394d2c6501eaeafc6b1cabebec29e48c502af89906d65

    SHA512

    a7ce0910d4d446edb28062167cf696b02fae27a1766c90e957084a9db3f2ff2543e213e53e93e1c331589ba19cd71b16fed0c4be233bfe5c270a1827d72dfd70

  • memory/1160-59-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

  • memory/1756-60-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB
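The signatures above flag the sample as UPX-packed, and the dropped-file list gives the hashes of the four files it wrote to SysWOW64. The Python below is an added example and not part of the sandbox report: it parses a PE section table to apply the usual UPX heuristic (UPX0/UPX1 section names, with UPX0 reserving virtual space but carrying no raw data on disk) and looks a file's SHA-256 up against the indicators listed on this page. The PE it builds in memory is a constructed stand-in with UPX-style section headers, not the sample; the function names and the heuristic are this example's own, and a UPX build that renames its sections will slip past the name check.

```python
import hashlib
import struct

# SHA-256 indicators copied from this report: the submitted target and the
# files it dropped into C:\Windows\SysWOW64.
REPORT_SHA256 = {
    "722709fa038a961b2b71cd79ac883b40fe118ba18667b32177530bd73db7b82e": "submitted target .exe",
    "6ba1a952a940b4ec45f8c7bb355a977a76f5cb3e1fb1631cfece121aa0bb2131": r"C:\Windows\SysWOW64\crypto.dll",
    "ed04f20ea8f64a76bbc9118ff0f39234fd661eb0aee5d3e6af61751588c530a2": r"C:\Windows\SysWOW64\lcss.exe",
    "f9d48b9f87caea39a05438c3dd4db7c84287bdb6e21235701717649c6e8a406f": r"C:\Windows\SysWOW64\net.cpl",
    "5d451358f77c0c524d8394d2c6501eaeafc6b1cabebec29e48c502af89906d65": r"C:\Windows\SysWOW64\wlogon.dll",
}


def pe_sections(data: bytes) -> list:
    """Return the PE section table as a list of dicts (name, sizes, offsets)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    # section table follows the 4-byte signature, 20-byte COFF header and optional header
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "virtual_size": vsize, "virtual_address": vaddr,
                         "raw_size": raw_size, "raw_offset": raw_ptr})
    return sections


def is_upx_packed(data: bytes) -> bool:
    """Heuristic for stock UPX: UPX0 and UPX1 sections present, and UPX0 (the
    in-memory unpack destination) has virtual size but zero bytes on disk."""
    by_name = {s["name"]: s for s in pe_sections(data)}
    if "UPX0" not in by_name or "UPX1" not in by_name:
        return False
    upx0 = by_name["UPX0"]
    return upx0["raw_size"] == 0 and upx0["virtual_size"] > 0


def lookup_ioc(sha256_hex: str):
    """Map a SHA-256 digest to the report entry it belongs to, or None."""
    return REPORT_SHA256.get(sha256_hex.lower())


def match_hashes(data: bytes):
    """Hash a file's bytes and check them against the report's indicators."""
    return lookup_ioc(hashlib.sha256(data).hexdigest())


def build_fake_upx_pe() -> bytes:
    """Constructed PE32 image with UPX-style section headers (not the sample)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew
    opt_size = 224                                             # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic

    def sec(name, vsize, vaddr, raw_size, raw_ptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, raw_size, raw_ptr, 0, 0, 0, 0, chars)

    sections = (sec(b"UPX0", 0x20000, 0x1000, 0, 0, 0xE0000080)          # no raw data
                + sec(b"UPX1", 0x8000, 0x21000, 0x8000, 0x400, 0xE0000040)  # packed payload
                + sec(b".rsrc", 0x1000, 0x29000, 0x400, 0x8400, 0xC0000040))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_upx_pe()
    for s in pe_sections(blob):
        print(f"{s['name']:8} vsize=0x{s['virtual_size']:x} raw=0x{s['raw_size']:x}")
    print("UPX packed:", is_upx_packed(blob))
    print("Report IoC match:", match_hashes(blob))
```

Run it with a path to a file pulled from SysWOW64 to get both verdicts in one pass; with no argument it exercises the constructed image. Because the hash lookup only catches exact copies of the files this report saw, the section check is the part that survives a recompile of the dropper.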