Overview

overview

8

Static

static

883462123f...be.exe

windows7-x64

8

883462123f...be.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    145s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/10/2022, 02:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    883462123f1d469fb898b04ae98e849c91b5b6fc834d585747eb6946cfb946be.exe

  • Size

    316KB

  • MD5

    a2a37d4fbeb2a012bc52a68c1e0ef030

  • SHA1

    394e5741178ab6a61f4c97db0b52a49b2db0a80f

  • SHA256

    883462123f1d469fb898b04ae98e849c91b5b6fc834d585747eb6946cfb946be

  • SHA512

    ced5b914c259be5e372e1ecbb6f9fc63ad0f1ae2236c724722196b5879c16514cb78041a9d99307c9c9ffc7af89ec39a4f3443e09886998f3669253ee124e6a4

  • SSDEEP

    6144:iv/BNJq9OrVXl7HWrE+icB8aa36OCwb7eEk8vEE+MlP3dU:iXB7jXVHGbKaW60b7eX8vE

Score
8/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Sets DLL path for service in the registry 2 TTPs 1 IoCs
    persistence
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\883462123f1d469fb898b04ae98e849c91b5b6fc834d585747eb6946cfb946be.exe
    "C:\Users\Admin\AppData\Local\Temp\883462123f1d469fb898b04ae98e849c91b5b6fc834d585747eb6946cfb946be.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2500
    • C:\34000926.exe
      C:\34000926.exe
      2⤵
      • Executes dropped EXE
      • Sets DLL path for service in the registry
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      PID:4664
  • C:\Windows\SysWOW64\Svchost.exe
    C:\Windows\SysWOW64\Svchost.exe -k netsvcs -s FastUserSwitchingCompatibility
    1⤵
    • Loads dropped DLL
    PID:5080

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\34000926.exe
    Filesize

    279KB

    MD5

    df420f0d4f7f3e909983d0715d3a4588

    SHA1

    2c3ad2c439ea1f4b6dd437ecde9f94f8b4d6e769

    SHA256

    639d412d376350b918b511ad78e83546c5da84e7936e0d87137a2d84553ca112

    SHA512

    1a4cc3042b2f99f91fc0c4555b796751f7c6357fc33e9301ab1229b25cd96a8a39c067774a89fb062165d9979a1be9557bff5db96d1eab961ebf5b77894eaccc

    Download Submit

  • C:\34000926.exe
    Filesize

    279KB

    MD5

    df420f0d4f7f3e909983d0715d3a4588

    SHA1

    2c3ad2c439ea1f4b6dd437ecde9f94f8b4d6e769

    SHA256

    639d412d376350b918b511ad78e83546c5da84e7936e0d87137a2d84553ca112

    SHA512

    1a4cc3042b2f99f91fc0c4555b796751f7c6357fc33e9301ab1229b25cd96a8a39c067774a89fb062165d9979a1be9557bff5db96d1eab961ebf5b77894eaccc

    Download Submit

  • C:\Users\Infotmp.txt
    Filesize

    724B

    MD5

    9067b4af0be3634bac743bfc8affc73c

    SHA1

    d67d2ef219c201b6b389e52d8042047538bd3148

    SHA256

    38d736a1918e5a807374778de3aa8f45e87c1d83182522c4eb23c5409b301229

    SHA512

    f30185b9ae112ba8fed96a66e9fa189680c85d205a34c8fb036dc5f990d4e3387d4f7d212fee7562c7249f645174a97d7876a795714e318e879d9c047d4abfbc

    Download Submit

  • C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll
    Filesize

    279KB

    MD5

    094b9d276ce10ad8b6f8494d71756858

    SHA1

    56994e7c6ceac1a9ccb3b227adb33d6e252fe257

    SHA256

    46f0943ba3304deb1a93019b33136b02e315583f4e3312fae2a51c25035aab2c

    SHA512

    87c55afda652394beee76fb768967a20e5f816bd2377d61542dd3935893fff6cbfc62090524afad035350db9128266a746ca150fb9d79fe8d2424b9ffa7a783b

    Download Submit

  • \??\c:\windows\SysWOW64\fastuserswitchingcompatibility.dll
    Filesize

    279KB

    MD5

    094b9d276ce10ad8b6f8494d71756858

    SHA1

    56994e7c6ceac1a9ccb3b227adb33d6e252fe257

    SHA256

    46f0943ba3304deb1a93019b33136b02e315583f4e3312fae2a51c25035aab2c

    SHA512

    87c55afda652394beee76fb768967a20e5f816bd2377d61542dd3935893fff6cbfc62090524afad035350db9128266a746ca150fb9d79fe8d2424b9ffa7a783b

    Download Submit

  • memory/2500-132-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/2500-142-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/4664-136-0x0000000000720000-0x0000000000769000-memory.dmp

    Filesize

    292KB

    Download

  • memory/4664-137-0x0000000002370000-0x0000000006370000-memory.dmp

    Filesize

    64.0MB

    Download

  • memory/5080-141-0x0000000074E90000-0x0000000074ED9000-memory.dmp

    Filesize

    292KB

    Download