Analysis
-
max time kernel
214s -
max time network
294s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
23-11-2022 15:51
General
-
Target
e7e2780e7c72c181bfd9dcc530bbdc6d7d44aa332a61a70b747f05c1f627536f.exe
-
Size
316KB
-
MD5
07c19ae7a373c1c7bc7217a44499c668
-
SHA1
757b45bf6000f48cec14d1d841ca947be904c636
-
SHA256
e7e2780e7c72c181bfd9dcc530bbdc6d7d44aa332a61a70b747f05c1f627536f
-
SHA512
edc36c4de66621c7831277eae6ba5879e4e1a5833767af57b3b77b7a4402898f7ed440e9ffa5e5db61dffd5d271e761c53f15dc2ed8716a66d544ad736a4ccf8
-
SSDEEP
6144:pgUzVP6rNX+ZAQEqjbEY2L/iSiumcZrSf5G8LUu9d:pgl5XGFgaDufZmfZH9d
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL 2 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 2 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e7e2780e7c72c181bfd9dcc530bbdc6d7d44aa332a61a70b747f05c1f627536f.exe"C:\Users\Admin\AppData\Local\Temp\e7e2780e7c72c181bfd9dcc530bbdc6d7d44aa332a61a70b747f05c1f627536f.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\aClKeLmPfEj24512\aClKeLmPfEj24512.exe"C:\ProgramData\aClKeLmPfEj24512\aClKeLmPfEj24512.exe" "C:\Users\Admin\AppData\Local\Temp\e7e2780e7c72c181bfd9dcc530bbdc6d7d44aa332a61a70b747f05c1f627536f.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\ProgramData\aClKeLmPfEj24512\aClKeLmPfEj24512.exeFilesize
316KB
MD556b9b3e507b1f3a47ea9a61ee87f675c
SHA15ec93862846bc436e24fe9000f777b7ec8e555e6
SHA2562d02b8ef2567457d78c978470c4d9e457b07e78e43faf8015a7c1837033e4170
SHA5122636a5eaa1376b86d6f8f7586ee3aa6bad4f398ee57b6485c2fb3b6c5b926ce557eb460e233a4deead5fb485e2e9e3a1f7ab36d9017ab13be2273054f0b55709
-
C:\ProgramData\aClKeLmPfEj24512\aClKeLmPfEj24512.exeFilesize
316KB
MD556b9b3e507b1f3a47ea9a61ee87f675c
SHA15ec93862846bc436e24fe9000f777b7ec8e555e6
SHA2562d02b8ef2567457d78c978470c4d9e457b07e78e43faf8015a7c1837033e4170
SHA5122636a5eaa1376b86d6f8f7586ee3aa6bad4f398ee57b6485c2fb3b6c5b926ce557eb460e233a4deead5fb485e2e9e3a1f7ab36d9017ab13be2273054f0b55709
-
\ProgramData\aClKeLmPfEj24512\aClKeLmPfEj24512.exeFilesize
316KB
MD556b9b3e507b1f3a47ea9a61ee87f675c
SHA15ec93862846bc436e24fe9000f777b7ec8e555e6
SHA2562d02b8ef2567457d78c978470c4d9e457b07e78e43faf8015a7c1837033e4170
SHA5122636a5eaa1376b86d6f8f7586ee3aa6bad4f398ee57b6485c2fb3b6c5b926ce557eb460e233a4deead5fb485e2e9e3a1f7ab36d9017ab13be2273054f0b55709
-
\ProgramData\aClKeLmPfEj24512\aClKeLmPfEj24512.exeFilesize
316KB
MD556b9b3e507b1f3a47ea9a61ee87f675c
SHA15ec93862846bc436e24fe9000f777b7ec8e555e6
SHA2562d02b8ef2567457d78c978470c4d9e457b07e78e43faf8015a7c1837033e4170
SHA5122636a5eaa1376b86d6f8f7586ee3aa6bad4f398ee57b6485c2fb3b6c5b926ce557eb460e233a4deead5fb485e2e9e3a1f7ab36d9017ab13be2273054f0b55709
-
memory/920-54-0x0000000000400000-0x00000000004B6000-memory.dmpFilesize
728KB
-
memory/920-56-0x0000000000400000-0x00000000004B6000-memory.dmpFilesize
728KB
-
memory/920-57-0x00000000759F1000-0x00000000759F3000-memory.dmpFilesize
8KB
-
memory/920-58-0x0000000000400000-0x00000000004B6000-memory.dmpFilesize
728KB
-
memory/1892-61-0x0000000000000000-mapping.dmp
-
memory/1892-68-0x0000000000400000-0x00000000004B6000-memory.dmpFilesize
728KB