Overview

overview

8

Static

static

236eb4b6c7...ac.exe

windows7-x64

8

236eb4b6c7...ac.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    278s
  • max time network
    328s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 14:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    236eb4b6c7cc5e270e4540f23c78a255b502f78c5f19fed1c476963935e816ac.exe

  • Size

    975KB

  • MD5

    5847b9ede173b9906cd97d16d8f439ae

  • SHA1

    252e1ef6da885fdd3b730ac7d37d3f062aed9b69

  • SHA256

    236eb4b6c7cc5e270e4540f23c78a255b502f78c5f19fed1c476963935e816ac

  • SHA512

    49caf512a6b6c07a0f949dc45eb8b803658ce5f98c0b0382468dd1fe5372a19d69eeff0bf7a488f4f91f8334342b1f5f45a342394c4450ed24d619b34c7615c1

  • SSDEEP

    6144:aZ7l+qrvVra1h+9tbZ8WyAJe/V0TUJp9497AXJRpte6ECZkgwTSkne8CpiKk:cro1s9tWmetKw9qsHptemz7kne8CY

Score
8/10
discoveryevasiontrojanupx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\236eb4b6c7cc5e270e4540f23c78a255b502f78c5f19fed1c476963935e816ac.exe
    "C:\Users\Admin\AppData\Local\Temp\236eb4b6c7cc5e270e4540f23c78a255b502f78c5f19fed1c476963935e816ac.exe"
    1⤵
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4124

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4124-132-0x0000000000640000-0x0000000000650000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4124-133-0x0000000000B00000-0x0000000000B53000-memory.dmp
    Filesize

    332KB

    Download
  • memory/4124-134-0x0000000002210000-0x00000000022C9000-memory.dmp
    Filesize

    740KB

    Download
  • memory/4124-137-0x0000000002210000-0x00000000022C9000-memory.dmp
    Filesize

    740KB

    Download
  • memory/4124-138-0x0000000002210000-0x00000000022C9000-memory.dmp
    Filesize

    740KB

    Download
  • memory/4124-139-0x0000000002276000-0x00000000022C8000-memory.dmp
    Filesize

    328KB

    Download
  • memory/4124-140-0x0000000002211000-0x0000000002276000-memory.dmp
    Filesize

    404KB

    Download
  • memory/4124-141-0x0000000002276000-0x00000000022C8000-memory.dmp
    Filesize

    328KB

    Download