Overview

overview

8

Static

static

8

722709fa03...2e.exe

windows7-x64

8

722709fa03...2e.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    153s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/10/2022, 10:00

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    722709fa038a961b2b71cd79ac883b40fe118ba18667b32177530bd73db7b82e.exe

  • Size

    172KB

  • MD5

    a0314c6fd8d462ec04cc6e5a3fed3220

  • SHA1

    86863b7a7f2f8f81df04845d70f713628381f3fc

  • SHA256

    722709fa038a961b2b71cd79ac883b40fe118ba18667b32177530bd73db7b82e

  • SHA512

    2cdf4955e72f40a742455a89d5fd7afdd0474dade197dc3d48ea261bb4a2bb591fff119c4fca1356254693ebe5692baa1e57446b0b48c1eb66aa23a584bf071a

  • SSDEEP

    3072:IyrN/sVywaEj1UsEOBYJwyrN/sVywaEj1UsbArsnhmBGVslFmbL+wcjte8Gy:Nh9wv1Ut3nh9wv1UsAZy9cZZ9

Score
8/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies WinLogon 2 TTPs 15 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Modifies registry class 38 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\722709fa038a961b2b71cd79ac883b40fe118ba18667b32177530bd73db7b82e.exe
    "C:\Users\Admin\AppData\Local\Temp\722709fa038a961b2b71cd79ac883b40fe118ba18667b32177530bd73db7b82e.exe"
    1⤵
    • Modifies WinLogon
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:1904
  • C:\Windows\SysWOW64\lcss.exe
    C:\Windows\SysWOW64\lcss.exe
    1⤵
    • Executes dropped EXE
    • Modifies WinLogon
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:3408

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\SysWOW64\crypto.dll
          Filesize

          150KB

          MD5

          2d34d765f027973af68b4912999ade0a

          SHA1

          ad6d151ff362c3967081b55ed62a84659fc10015

          SHA256

          aaa84e64e89b6cc071c0b8ab47324b993fff441d04769969cab6d4c69244ecd5

          SHA512

          a0c83a1604388da8df1d09bf30a4487e2e5e74c90a3bc578959bb98f9b091af39d20870384f4dc3fc821a41b4b471a3785e1196747f422a66b6a4b85dbae6980

          Download Submit

        • C:\Windows\SysWOW64\lcss.exe
          Filesize

          198KB

          MD5

          f300c886628d402793942ca7d0935619

          SHA1

          18276ad2648ddcb557711cea3473217be3d4b18c

          SHA256

          73c6919d7e6dae4c43ca62ab02a93c0239bf80357a0888fc798de1001b05800b

          SHA512

          62b7dd50d73aa6709a25870215d39f6fef934a5d1ee4c701ebbf60e646d80d1c052790e1d42134b9c9dd305e280a33a61ac214d10eb2233b780b969b3b4adb73

          Download Submit

        • C:\Windows\SysWOW64\lcss.exe
          Filesize

          198KB

          MD5

          f300c886628d402793942ca7d0935619

          SHA1

          18276ad2648ddcb557711cea3473217be3d4b18c

          SHA256

          73c6919d7e6dae4c43ca62ab02a93c0239bf80357a0888fc798de1001b05800b

          SHA512

          62b7dd50d73aa6709a25870215d39f6fef934a5d1ee4c701ebbf60e646d80d1c052790e1d42134b9c9dd305e280a33a61ac214d10eb2233b780b969b3b4adb73

          Download Submit

        • C:\Windows\SysWOW64\net.cpl
          Filesize

          218KB

          MD5

          3c37feaec441f369a9cc664d4d61ea92

          SHA1

          3a4367ee8d5f21975f6e99b0258b74e4b5e47591

          SHA256

          afd94af0914855f8bb813ee41932c6bb4c10e203a1c0050056b84df996d7c9f1

          SHA512

          a598bfbc4a32ed1413468e190f9d26fd6b2691def17a1f4f5ba6c80aa0a96071cf2d9087ab1caa26d82d07473fff13e465c8360f16216a5c75b7b0213e7bdbe2

          Download Submit

        • C:\Windows\SysWOW64\wlogon.dll
          Filesize

          156KB

          MD5

          9cb7609c7f8ec658fdb33273da677f28

          SHA1

          55703f5b2ba43442d3df5e057d7af12f6df1594d

          SHA256

          264064d0ae03c0e65da9e989a7cac4176ba3fe86a4411de1a15876558a745137

          SHA512

          b186676fcc37946ee9d8f2759920019a71fd47020aab872ddae51db4885e1a6d0eab9b98d9e17e5c10b1ad78f0371486053032c9c1bb6c9434d263e80621b59b

          Download Submit

        • memory/1904-137-0x0000000000400000-0x0000000000420000-memory.dmp

          Filesize

          128KB

          Download

        • memory/3408-138-0x0000000000400000-0x0000000000420000-memory.dmp

          Filesize

          128KB

          Download