b626c889063e613ccfdf3c8a986a8ba74b5522a79d3c7ccbcf462fd2c5e9275c

Analysis

max time kernel
157s
max time network
172s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 04:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b626c889063e613ccfdf3c8a986a8ba74b5522a79d3c7ccbcf462fd2c5e9275c.exe
Size

749KB
MD5

08b6eda6b0ae225e3eaa1838845fd35c
SHA1

7403e462a41d97a18ca714e203cb8fc2816adfdb
SHA256

b626c889063e613ccfdf3c8a986a8ba74b5522a79d3c7ccbcf462fd2c5e9275c
SHA512

1c9a48f85d10b985879eb1a6ac6b78cb3e746b140a9bd5f9e27c4fd9dfe1dd4a89cb7420ad81822ee3395cee1a3a99772b52abd9e0a942933a3ac4d56c4ff5a3
SSDEEP

12288:j/75EWB2WQ2WOoO5fmQ5vydMj21eb2HBIbIOL/Vpv947usubw4AlzoynV:j/75EvWhWO1+G8Q2e2hI7/Vv47/fxnV

Score

8^/10

discovery persistence upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1056-54-0x0000000000400000-0x0000000000618000-memory.dmp	upx
behavioral1/memory/1056-56-0x0000000000400000-0x0000000000618000-memory.dmp	upx
behavioral1/memory/1056-58-0x0000000000400000-0x0000000000618000-memory.dmp	upx
behavioral1/memory/1056-59-0x0000000000400000-0x0000000000618000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SonyAgent = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b626c889063e613ccfdf3c8a986a8ba74b5522a79d3c7ccbcf462fd2c5e9275c.exe"	b626c889063e613ccfdf3c8a986a8ba74b5522a79d3c7ccbcf462fd2c5e9275c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	b626c889063e613ccfdf3c8a986a8ba74b5522a79d3c7ccbcf462fd2c5e9275c.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\b626c889063e613ccfdf3c8a986a8ba74b5522a79d3c7ccbcf462fd2c5e9275c.exe
"C:\Users\Admin\AppData\Local\Temp\b626c889063e613ccfdf3c8a986a8ba74b5522a79d3c7ccbcf462fd2c5e9275c.exe"
1⤵
- Adds Run key to start application
PID:1056

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1056-54-0x0000000000400000-0x0000000000618000-memory.dmp

Filesize
2.1MB

Download
memory/1056-56-0x0000000000400000-0x0000000000618000-memory.dmp

Filesize
2.1MB

Download
memory/1056-57-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download
memory/1056-58-0x0000000000400000-0x0000000000618000-memory.dmp

Filesize
2.1MB

Download
memory/1056-59-0x0000000000400000-0x0000000000618000-memory.dmp

Filesize
2.1MB

Download