Overview

overview

8

Static

static

8

83bf4109ee...41.exe

windows7-x64

8

83bf4109ee...41.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    114s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    21/10/2022, 05:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    83bf4109eeb38323e2262a7f8d95f0c8bc7088baca4fc635706c1e0aaadb7841.exe

  • Size

    229KB

  • MD5

    28e1e8cab29f84112839f9fe891bef22

  • SHA1

    e0910c851fc8489615bebadd3611061d38edb323

  • SHA256

    83bf4109eeb38323e2262a7f8d95f0c8bc7088baca4fc635706c1e0aaadb7841

  • SHA512

    9a8617617e1377ad931ec41d164b86a2114b192fd68a352871fe97710b5d4e578b6084f358b89f849e18d13e3fe868c7c659992434b0ad0191d2ceeffc053b8d

  • SSDEEP

    3072:D5VvdQC6IVXxGmk/2FJEcM4qN+y6wJaQXXgctlnXNCFbdgOSKivew:D1rH4/2jEhTN+ydfXzl9CFbfS

Score
8/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\83bf4109eeb38323e2262a7f8d95f0c8bc7088baca4fc635706c1e0aaadb7841.exe
    "C:\Users\Admin\AppData\Local\Temp\83bf4109eeb38323e2262a7f8d95f0c8bc7088baca4fc635706c1e0aaadb7841.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1376
    • C:\Windows\Jseloa.exe
      C:\Windows\Jseloa.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      PID:996

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\Jseloa.exe
          Filesize

          229KB

          MD5

          28e1e8cab29f84112839f9fe891bef22

          SHA1

          e0910c851fc8489615bebadd3611061d38edb323

          SHA256

          83bf4109eeb38323e2262a7f8d95f0c8bc7088baca4fc635706c1e0aaadb7841

          SHA512

          9a8617617e1377ad931ec41d164b86a2114b192fd68a352871fe97710b5d4e578b6084f358b89f849e18d13e3fe868c7c659992434b0ad0191d2ceeffc053b8d

          Download Submit

        • C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
          Filesize

          408B

          MD5

          9206fcc2a7e67229e13585aa2dd22185

          SHA1

          d8552dd1c3412feb1e22c110bc5c56aedf84c3ad

          SHA256

          47c9db4eb861112c786a65e401ccabd1db7ab5c96979e60f90ba132075f817e3

          SHA512

          5d2f3e92ee1e98a6a2ba1d7bdedba3f7a0a98d878dc55c1d84fdb7e3f1ca75d69ff51ca623c0ab16ec0aaeae966541541e0c234b290f693f915eb123c7077e75

          Download Submit

        • memory/996-61-0x0000000000400000-0x000000000043B000-memory.dmp

          Filesize

          236KB

          Download

        • memory/996-64-0x0000000000400000-0x000000000043B000-memory.dmp

          Filesize

          236KB

          Download

        • memory/1376-54-0x0000000075091000-0x0000000075093000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1376-55-0x0000000000400000-0x000000000043B000-memory.dmp

          Filesize

          236KB

          Download

        • memory/1376-60-0x0000000000820000-0x000000000085B000-memory.dmp

          Filesize

          236KB

          Download

        • memory/1376-62-0x0000000000400000-0x000000000043B000-memory.dmp

          Filesize

          236KB

          Download

        • memory/1376-63-0x0000000000400000-0x000000000043B000-memory.dmp

          Filesize

          236KB

          Download