Overview

overview

8

Static

static

8

6a2b02af07...02.exe

windows7-x64

8

6a2b02af07...02.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    62s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/11/2022, 16:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6a2b02af0771beca6599959876283b130b8f158ecad411449ce41d26b8326702.exe

  • Size

    1.1MB

  • MD5

    42b0356cf80c8eb80877d666c26e5819

  • SHA1

    db89337c351f8b6f9e205874f3b41fc356668b9e

  • SHA256

    6a2b02af0771beca6599959876283b130b8f158ecad411449ce41d26b8326702

  • SHA512

    bf7f9640ba022773fe978984b80e86ee552e18a5f59134916983ac3ec2094ee66dad08e1477447dfdd357937e36f78ecefa8b17eaf0aa8efc16ef014c80d9de6

  • SSDEEP

    24576:W9kY7vgEeJPq34ZTdQXtnqhz2cOmsRQsmjmPOIzAFMn0ke:W9kYuZTdAtS2lpSovcFZ

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6a2b02af0771beca6599959876283b130b8f158ecad411449ce41d26b8326702.exe
    "C:\Users\Admin\AppData\Local\Temp\6a2b02af0771beca6599959876283b130b8f158ecad411449ce41d26b8326702.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4384
    • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e56ba2d.exe
      C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e56ba2d.exe 240564781
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4376
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 2060
        3⤵
        • Program crash
        PID:3900
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4376 -ip 4376
    1⤵
      PID:1872

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e56ba2d.exe
            Filesize

            1.1MB

            MD5

            0c43e4807d4300c9b5a5d407cec7418c

            SHA1

            c7082fb8a7a89b627ce027ccce71ac1b5e6f6456

            SHA256

            63b9396c323dbf5cab8470ef887d5993d24d0ebe232a14827d7be857d0b81854

            SHA512

            7dc3e1fdfe945df0eef3d41c26d5ec2da5e41da655d74b9917808b17bd616a0f5f111a0558d45820e82615eb036927cc3e7e0e4c4247030a7c2284bf42dbaec6

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e56ba2d.exe
            Filesize

            1.1MB

            MD5

            0c43e4807d4300c9b5a5d407cec7418c

            SHA1

            c7082fb8a7a89b627ce027ccce71ac1b5e6f6456

            SHA256

            63b9396c323dbf5cab8470ef887d5993d24d0ebe232a14827d7be857d0b81854

            SHA512

            7dc3e1fdfe945df0eef3d41c26d5ec2da5e41da655d74b9917808b17bd616a0f5f111a0558d45820e82615eb036927cc3e7e0e4c4247030a7c2284bf42dbaec6

            Download Submit

          • memory/4376-136-0x0000000000400000-0x00000000007AC000-memory.dmp

            Filesize

            3.7MB

            Download

          • memory/4376-138-0x0000000000400000-0x00000000007AC000-memory.dmp

            Filesize

            3.7MB

            Download

          • memory/4384-132-0x0000000000400000-0x00000000007AC000-memory.dmp

            Filesize

            3.7MB

            Download

          • memory/4384-137-0x0000000000400000-0x00000000007AC000-memory.dmp

            Filesize

            3.7MB

            Download