Analysis

  • max time kernel: 152s
  • max time network: 45s
  • platform: windows7_x64
  • resource: win7-20220812-en
  • resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted: 20-10-2022 10:00

General

  • Target: 67adbc061fa0c5e4d058bd310fb0d2a129470ac18e60c97a269d3a0b8d205179.exe
  • Size: 140KB
  • MD5: a09120a3fe53eb6b2f55e0ad65e40c10
  • SHA1: 5b3b625226e6a0a3746e669487466a41e68d70f0
  • SHA256: 67adbc061fa0c5e4d058bd310fb0d2a129470ac18e60c97a269d3a0b8d205179
  • SHA512: c3c8635e1fe9121011c5f9c482d3c0f1801190c2ab2cce8b9c59e07573aebbc3614215b7735a720190a9560b05d3bf2e2414e64701508fd0e545cdf44e49b842
  • SSDEEP: 3072:IyrN/sVywaEj1UsEOBYJwyrN/sVywaEj1UsWvMXb4XqATlS4EBDk:Nh9wv1Ut3nh9wv1UaXbWzTlkJk

Score: 8/10

Signatures

  • Executes dropped EXE (1 IoCs)
  • UPX packed file (8 IoCs): detects executables packed with UPX/modified UPX open source packer.
  • Modifies WinLogon (2 TTPs, 15 IoCs)
  • Drops file in System32 directory (4 IoCs)
  • Modifies registry class (38 IoCs)
  • Suspicious use of AdjustPrivilegeToken (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\67adbc061fa0c5e4d058bd310fb0d2a129470ac18e60c97a269d3a0b8d205179.exe
    "C:\Users\Admin\AppData\Local\Temp\67adbc061fa0c5e4d058bd310fb0d2a129470ac18e60c97a269d3a0b8d205179.exe"
    • Modifies WinLogon
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID: 1404
  • C:\Windows\SysWOW64\lcss.exe
    C:\Windows\SysWOW64\lcss.exe
    • Executes dropped EXE
    • Modifies WinLogon
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID: 1588

Downloads

  • C:\Windows\SysWOW64\crypto.dll
    Filesize: 129KB
    MD5: 98e1ec4bb61bc80e30c94820fd0aef04
    SHA1: bfdaf889242f3d5fcdd59077490234f9bae5525a
    SHA256: 40621ae562ab795dc91afd94f94f12c7634053ec2437a6861ae06fb520a1278a
    SHA512: 150b2425d3434c0ffc23ce723598bdfc4c322c277371f13b6c984b349c60bbd67aa12e9380cd1db5ba741c67c9c5877ca027afc81fdf26ebb81a150f3bf47246

  • C:\Windows\SysWOW64\lcss.exe
    Filesize: 214KB
    MD5: 553378999e01443c4b43dcd3f543603f
    SHA1: db69e665fee07e1d36b088a58b51cf3807c893c9
    SHA256: eae00fbc13a0185d50a76de62540453a9450b8f16b5b2da22264f700d2674dad
    SHA512: 0ed6ca1d4f67b509c915d52a38265ae3c8dddd776d4534027308b597e68b61985411f47b5ac9e08e3996a58acf26b44e12ec1e8e309c1c66be9bb446461ad542

  • C:\Windows\SysWOW64\net.cpl
    Filesize: 141KB
    MD5: 99e1d53078c1b1e75dd2da7a4554e2c0
    SHA1: 69df2ac8b021b26d949de9551617348f650074b8
    SHA256: 281278f249318138d4c61fea5c13ade85c750e0fdd3a72ca9308010efed4b1a1
    SHA512: 69ca9ee4f03eeed7bc57264f533d94154615dafcb2e64e0ca71a71af312ed40010f1d905e8e4b98a120b9f4a8adf985905ff5f244ceab09b65e0e1008e44718f

  • C:\Windows\SysWOW64\wlogon.dll
    Filesize: 230KB
    MD5: ee3584864ca6217e828002fd2e290161
    SHA1: 25c3c983ddeccf1c14959f7b84eef470789d8be1
    SHA256: 8cc318ccdb1e087ec60c1fcf43a874ad305110873289a77b7f44ec3831e58be1
    SHA512: d5380f460c5e89570ecc2ce488b5ff218cea9d78233c279163d51bd145ec0d8d26308a39bdbecc364470c334d040f753c56759877a30a8ae0073a8e662d71f64

  • memory/1404-54-0x0000000000400000-0x0000000000420000-memory.dmp
    Filesize: 128KB
  • memory/1404-60-0x0000000000400000-0x0000000000420000-memory.dmp
    Filesize: 128KB
  • memory/1588-61-0x0000000000400000-0x0000000000420000-memory.dmp
    Filesize: 128KB