Overview

overview

10

Static

static

bfb42fd322...78.exe

windows7-x64

8

bfb42fd322...78.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    2s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29-10-2022 03:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bfb42fd322093caf2e9e05ffa8e5280ec42e26217cfdbfd826f03c6cd6aae678.exe

  • Size

    93KB

  • MD5

    5bb68067ca34e94b875b3c56e3b31e48

  • SHA1

    b19f3c751f56ee29b5b768be227d79650b862e30

  • SHA256

    bfb42fd322093caf2e9e05ffa8e5280ec42e26217cfdbfd826f03c6cd6aae678

  • SHA512

    452fb63eea301bb796c373ad03c4fefd35f568b3215e64674da2b6ec742ba01ad5aeea7d4088b24907ccbf97500bced4effab4dded8d35b90fcd4401ce3ba808

  • SSDEEP

    1536:taAa6KHHzzvPAcDGPyB+iKJB5ukReNwcGgMdPsErZRjIIe0y:+/PlDKw+PI9wcGTdPsaTf

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx

Processes

  • C:\Users\Admin\AppData\Local\Temp\bfb42fd322093caf2e9e05ffa8e5280ec42e26217cfdbfd826f03c6cd6aae678.exe
    "C:\Users\Admin\AppData\Local\Temp\bfb42fd322093caf2e9e05ffa8e5280ec42e26217cfdbfd826f03c6cd6aae678.exe"
    1⤵
      PID:1532
      • C:\Users\Admin\AppData\Local\Temp\csrss.exe
        "C:\Users\Admin\AppData\Local\Temp\csrss.exe" -reg C:\Users\Admin\AppData\Local\Temp\bfb42fd322093caf2e9e05ffa8e5280ec42e26217cfdbfd826f03c6cd6aae678.exe -proc 732 C:\Users\Admin\AppData\Local\Temp\bfb42fd322093caf2e9e05ffa8e5280ec42e26217cfdbfd826f03c6cd6aae678.exe
        2⤵
          PID:1972
      • C:\Users\Admin\AppData\Local\Temp\bfb42fd322093caf2e9e05ffa8e5280ec42e26217cfdbfd826f03c6cd6aae678.exe
        "C:\Users\Admin\AppData\Local\Temp\bfb42fd322093caf2e9e05ffa8e5280ec42e26217cfdbfd826f03c6cd6aae678.exe"
        1⤵
          PID:692
        • C:\Users\Admin\AppData\Roaming\Install\Host.exe
          "C:\Users\Admin\AppData\Roaming\Install\Host.exe"
          1⤵
            PID:1740

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\csrss.exe
            Filesize

            17KB

            MD5

            4e18f72f19a271b9b9916df903785830

            SHA1

            72d85d40e5cb9331cda42a8b5e637b1bf17e921e

            SHA256

            a141c3d896e3396b7fec2cdc5e20b3028b20df1128cac5d8a287eb50efba8aa5

            SHA512

            b9fbb5f3e6acf2a57c8ee8e91f91771b07e6fc051cbd82c073bc6d666d0253ecef654e221d4bcb72039622f3f18b3929fdcf5476d5e46662ee9d559eed3ee7a9

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\csrss.exe
            Filesize

            27KB

            MD5

            db70c9a8d40febcd057da043df771d74

            SHA1

            7554e054795293e6e810fdb42d08eb6160a6ea09

            SHA256

            885124e48a8a800c46830e5516d189371128b5c84569d16f91748de1e4c971f2

            SHA512

            c6c5d581d2c0e3c61f554d442a91b3339913af8085415618bf1954e043da388b04781332770027071ab07071c27031d9dc8fa63675b0d64646611b0fdff1662c

            Download Submit
          • C:\Users\Admin\AppData\Roaming\Install\Host.exe
            Filesize

            42KB

            MD5

            73a2b083ead0adaa3b3658041f8fe461

            SHA1

            4ee6461f86215a085c8db64e2ba8be624533f791

            SHA256

            c1806deaa8549736ddcc33297144afe7f938d8265782955283f43f5965c055ce

            SHA512

            67a748cc8b9dc13251542e9f164b8e40b302872fe3b89836c6d5a5529cca13d83bf755db105ce5be490a3fc33b2d93b43b3921fcae4a79962506891ce03faa28

            Download Submit
          • C:\Users\Admin\AppData\Roaming\Install\Host.exe
            Filesize

            10KB

            MD5

            08a582b406915b8ab507cda16fe4e4da

            SHA1

            74b271c375f431da1214e913620deb6316840753

            SHA256

            3507765f47fadce2c3ce64bc2e97be4dd2ea984ed4b37a1566c594d3abd6d8a7

            SHA512

            753071209f28141f5dae7facc1ee64fabe0444a98bad308ca19111cd092ec3d0b88a55a1884bbfde7816ff882dbbc0405a0e1bc8989acc6b600d8215609fd4a6

            Download Submit
          • \Users\Admin\AppData\Local\Temp\csrss.exe
            Filesize

            4KB

            MD5

            37366d293c34858f1ecc7f542b283ca5

            SHA1

            7b97d72109a61ece51ec13cdc893bdf64cfc6dd3

            SHA256

            7bcee57b1d09ffdf1c0b2ecbf6259007874e894a63600a3990070c564c5a4754

            SHA512

            f27b0114fc77e3340a04874fcd17b70eb12324665b44ce0207906bf7243b957696f91b787dfad4cf4a431f9308f0f300df83eca203bcab7e00767b47b6390dae

            Download Submit
          • \Users\Admin\AppData\Local\Temp\csrss.exe
            Filesize

            34KB

            MD5

            a6db583d9b33ad2594221992b5b3a653

            SHA1

            a3eea8e9ccf61fef69190b4e9da1afd3e0db535f

            SHA256

            31a1e2bc45b21a5a394666af84952a1877b5974665990945a07ed9f92107f49c

            SHA512

            619018e76496abf735d2f6eee722a279253d1ac8f3a4e0158bdbf5b851835a9c44b5293000162848367b76d092f742f0499c21dc01b2aea16aec4835cef7e15d

            Download Submit
          • \Users\Admin\AppData\Roaming\Install\Host.exe
            Filesize

            24KB

            MD5

            4932e38db51f51881c99e31da57fbe2c

            SHA1

            cd04f2310167dedbc2dcf8e17685835c5eb8e6cc

            SHA256

            c28cc87ee840907cddcd59ae2514fd7097faf328885758eb9e016f6e35aaa726

            SHA512

            2c1e71558b3af88360b8254b52c03bd044f31d60d2a4c2aacdceea5b3db19af85efa7fe167da1d00109f1c903c8138b1b86536cc148b07c5b2607c99b07f51a4

            Download Submit
          • \Users\Admin\AppData\Roaming\Install\Host.exe
            Filesize

            7KB

            MD5

            0211b929a665e35a3db5559b2755b87d

            SHA1

            2867f07e9b5bb5d50ab5866c7d8896735e9f61e1

            SHA256

            3b59f289f30b2754b1e738ce4b988c6cb34672561e9b0a3bf429a9186209c461

            SHA512

            1b307ee7c9286dad9b5cc8ffe03f9e9af5c4f915741c7eaeafe539885eb75b5bd01242aa66cf4c19ac062e1845e66d21831ece3c97bcdb058a6c3b8c90bc076d

            Download Submit
          • memory/692-85-0x0000000000000000-mapping.dmp
            Download
          • memory/692-86-0x00000000002E0000-0x00000000002F8000-memory.dmp
            Filesize

            96KB

            Download
          • memory/732-68-0x0000000000400000-0x0000000000422000-memory.dmp
            Filesize

            136KB

            Download
          • memory/732-65-0x0000000075091000-0x0000000075093000-memory.dmp
            Filesize

            8KB

            Download
          • memory/732-56-0x0000000000400000-0x0000000000422000-memory.dmp
            Filesize

            136KB

            Download
          • memory/732-57-0x0000000000400000-0x0000000000422000-memory.dmp
            Filesize

            136KB

            Download
          • memory/732-62-0x0000000000400000-0x0000000000422000-memory.dmp
            Filesize

            136KB

            Download
          • memory/732-60-0x0000000000400000-0x0000000000422000-memory.dmp
            Filesize

            136KB

            Download
          • memory/732-66-0x0000000000400000-0x0000000000422000-memory.dmp
            Filesize

            136KB

            Download
          • memory/732-64-0x000000000041FFE0-mapping.dmp
            Download
          • memory/732-72-0x0000000000400000-0x0000000000422000-memory.dmp
            Filesize

            136KB

            Download
          • memory/1532-55-0x0000000000400000-0x0000000000418000-memory.dmp
            Filesize

            96KB

            Download
          • memory/1532-54-0x0000000000890000-0x00000000008AC000-memory.dmp
            Filesize

            112KB

            Download
          • memory/1740-76-0x0000000000410000-0x0000000000428000-memory.dmp
            Filesize

            96KB

            Download
          • memory/1740-75-0x0000000000980000-0x000000000099C000-memory.dmp
            Filesize

            112KB

            Download
          • memory/1740-71-0x0000000000000000-mapping.dmp
            Download
          • memory/1972-83-0x00000000002A0000-0x00000000002B8000-memory.dmp
            Filesize

            96KB

            Download
          • memory/1972-82-0x0000000000BD0000-0x0000000000BEC000-memory.dmp
            Filesize

            112KB

            Download
          • memory/1972-79-0x0000000000000000-mapping.dmp
            Download