Overview

overview

10

Static

static

8

d3bd9b4480...4a.exe

windows7-x64

d3bd9b4480...4a.exe

windows10-2004-x64

Analysis

  • max time kernel
    135s
  • max time network
    163s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    06/11/2022, 14:22

Sharing

Copy URL Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    d3bd9b4480aa032b01b957a7645041e67c28c49f44b1acff9aaceed0d718784a.exe

  • Size

    323KB

  • MD5

    06c0155ca14b2aa9ca7164823b04e140

  • SHA1

    9f286e7679006ee92bf7d874d030d9b9d108dcf9

  • SHA256

    d3bd9b4480aa032b01b957a7645041e67c28c49f44b1acff9aaceed0d718784a

  • SHA512

    708f20d039a6725d079a80da70aad41ed58ed36f6ba161dc05e5656dc1019650dcfb016849ffa663c43b061f18fae7928b9b73b2b0012d6e962334287a6a7402

  • SSDEEP

    6144:KexS8ZE9UoGWllR+2S2zr7JhYQ+kCABN1aKprYyYyNC7ToS529oc:KewCE9Zps2nF/cABN1aKprYyqoS55c

Score
10/10
persistenceupx

Malware Config

Signatures

  • Modifies system executable filetype association 2 TTPs 1 IoCs
    persistence
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies registry class 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d3bd9b4480aa032b01b957a7645041e67c28c49f44b1acff9aaceed0d718784a.exe
    "C:\Users\Admin\AppData\Local\Temp\d3bd9b4480aa032b01b957a7645041e67c28c49f44b1acff9aaceed0d718784a.exe"
    1⤵
    • Modifies system executable filetype association
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1952
    • C:\Windows\SysWOW64\shutdown.exe
      shutdown -s -t 100 -c ÐÜèÉÕÏ㲡¶¾
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:992
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c c:\1.bat
      2⤵
      • Modifies registry class
      PID:1228
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:1748
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:968

      Network

            MITRE ATT&CK Enterprise v6

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • \??\c:\1.bat
              Filesize

              18B

              MD5

              c6c7b4dcc81c27c76c49dfd2acee715e

              SHA1

              ef6a2a2ccb276bc9a057cd0d6f0bd3867d1988b7

              SHA256

              edc099fdfa8210f123cdc51dfb3256cc7dc3c0af614fd63e3c1d6182bf37ae21

              SHA512

              b9d1aba58a20238e3870c9785a43d1c64273b3c332d545f8c363d02844214f6dcd3332c35281b2663ed2192728c33d915d457615c6f4057a1dccdea188d38898

              Download Submit

            • memory/1748-61-0x000007FEFC101000-0x000007FEFC103000-memory.dmp

              Filesize

              8KB

              Download

            • memory/1952-54-0x0000000075E31000-0x0000000075E33000-memory.dmp

              Filesize

              8KB

              Download

            • memory/1952-59-0x0000000000400000-0x00000000004E1000-memory.dmp

              Filesize

              900KB

              Download

            • memory/1952-60-0x0000000000400000-0x00000000004E1000-memory.dmp

              Filesize

              900KB

              Download

            • memory/1952-62-0x0000000000400000-0x00000000004E1000-memory.dmp

              Filesize

              900KB

              Download