Overview

overview

10

Static

static

10

ed26ecf0ec...9a.exe

windows7-x64

8

ed26ecf0ec...9a.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    2s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    28/10/2022, 21:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ed26ecf0ec2189ddde303c44539632dd39ce40c522f2e470841fe3332a0dae9a.exe

  • Size

    279KB

  • MD5

    0d0b130b912055c8f60b3962f4e0e162

  • SHA1

    9e99f115e9b929e7206f068923125ac30d67ee52

  • SHA256

    ed26ecf0ec2189ddde303c44539632dd39ce40c522f2e470841fe3332a0dae9a

  • SHA512

    3c7acb3eb4aaf6b27452b7c716ec16efca8c26f489debe81f928fd5aa072bc5b65292d125fa59b9a405295c0e772dd4fac0a1661aba1fdba73c9fd7182ca36cd

  • SSDEEP

    6144:yk4qmKNm4LVLqTp3dii06PnFr1thA+PSQ+13r5fcP:N9JPLVL2zvFrhA+6dfcP

Score
8/10
persistenceupx

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 4 IoCs
    persistence
  • Modifies Installed Components in the registry 2 TTPs 2 IoCs
    persistence
  • UPX packed file 10 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ed26ecf0ec2189ddde303c44539632dd39ce40c522f2e470841fe3332a0dae9a.exe
    "C:\Users\Admin\AppData\Local\Temp\ed26ecf0ec2189ddde303c44539632dd39ce40c522f2e470841fe3332a0dae9a.exe"
    1⤵
    • Adds policy Run key to start application
    • Modifies Installed Components in the registry
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    PID:1028
    • C:\Windows\SysWOW64\explorer.exe
      explorer.exe
      2⤵
        PID:832
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        2⤵
          PID:1224

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\XX--XX--XX.txt
        Filesize

        38KB

        MD5

        5c721b192fc84174169c5f1232afc9d3

        SHA1

        a1c18e889c3ba670f8a51008ef947b2fdc99026c

        SHA256

        c73dfaf3be06409c0538f551bb427e6f645dd79ac5361d67d07f778f92dac580

        SHA512

        f8d8e1d812646b3719c45de65b5fa2aad0f745a7592716910bc3cc83d5c0909c3b8ec8a0708218bf2729d82097a469a2e6d29c6815c8b7b4fe149adba7892420

        Download Submit

      • \??\c:\dir\install\install\server.exe
        Filesize

        22KB

        MD5

        183f5e9ad2e9a2154334734eeefafdfb

        SHA1

        f146a997560f7bb176229d400eace1500975d57b

        SHA256

        126a8d6607810ec84355979bc0b372a18b21bca7693b858ec619a81f0f49ad3a

        SHA512

        9884c838a7ac355f8383696a73c6c99f23c947c38fb691979b10ac7a0935fb901023ab4b71b7a21cd2467e528e6fc53d2d89728a981fb990555edbc2de4b4afe

        Download Submit

      • memory/832-65-0x0000000074B81000-0x0000000074B83000-memory.dmp

        Filesize

        8KB

        Download

      • memory/832-71-0x0000000024080000-0x00000000240E2000-memory.dmp

        Filesize

        392KB

        Download

      • memory/832-74-0x0000000024080000-0x00000000240E2000-memory.dmp

        Filesize

        392KB

        Download

      • memory/1028-55-0x0000000000400000-0x0000000000459000-memory.dmp

        Filesize

        356KB

        Download

      • memory/1028-66-0x0000000024080000-0x00000000240E2000-memory.dmp

        Filesize

        392KB

        Download

      • memory/1028-57-0x0000000024010000-0x0000000024072000-memory.dmp

        Filesize

        392KB

        Download

      • memory/1028-54-0x0000000075021000-0x0000000075023000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1028-85-0x0000000000400000-0x0000000000459000-memory.dmp

        Filesize

        356KB

        Download

      • memory/1028-79-0x00000000240F0000-0x0000000024152000-memory.dmp

        Filesize

        392KB

        Download

      • memory/1224-84-0x00000000240F0000-0x0000000024152000-memory.dmp

        Filesize

        392KB

        Download

      • memory/1224-86-0x00000000240F0000-0x0000000024152000-memory.dmp

        Filesize

        392KB

        Download

      • memory/1244-60-0x0000000024010000-0x0000000024072000-memory.dmp

        Filesize

        392KB

        Download