Overview

overview

8

Static

static

56c07abe60...ca.exe

windows7-x64

8

56c07abe60...ca.exe

windows10-2004-x64

Analysis

  • max time kernel
    151s
  • max time network
    59s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 17:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    56c07abe60a219784272b12de6860ae5d8fdd8474a93d6a96e6d68769ad305ca.exe

  • Size

    2.5MB

  • MD5

    5b21a9f632a49491624626ba57cf6581

  • SHA1

    5c9d8b3a6ccee77e2a01abd48b5b360dc9e7ab18

  • SHA256

    56c07abe60a219784272b12de6860ae5d8fdd8474a93d6a96e6d68769ad305ca

  • SHA512

    2328be6320befc67d294307963d89d3efd6a46f59fba73e5a93498c802a049f3cf4444cb206bc8cbbc568e1ae6f5836db9da341eedf4edbb1687d81695ce79c1

  • SSDEEP

    49152:YlO6ZeeYf801oyx8H/ST2whTAlGZv8lf9J:EOnRoyxe6T2yUGK/J

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Loads dropped DLL 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 59 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\56c07abe60a219784272b12de6860ae5d8fdd8474a93d6a96e6d68769ad305ca.exe
    "C:\Users\Admin\AppData\Local\Temp\56c07abe60a219784272b12de6860ae5d8fdd8474a93d6a96e6d68769ad305ca.exe"
    1⤵
    • Checks BIOS information in registry
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetWindowsHookEx
    PID:1368

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\SEB720.tmp
    Filesize

    1024B

    MD5

    12871388b682b159ddd85545302a289d

    SHA1

    76b47377da188fcfddeefa0f940287f1cce9885d

    SHA256

    cc033f00e96cae1829e3a5c15150fe68a62f65440f1b158d9257370fbc488a9b

    SHA512

    d60953b62d08e52fa2860db257e2bdbaa97e7eff7007617857f7b30a76f7c7ba81f8444d313a6ad496adbbaede5af1661e72522046789bb9aee1340f7ac12c7d

    Download Submit

  • memory/1368-54-0x0000000000400000-0x0000000000675000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1368-55-0x0000000076071000-0x0000000076073000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1368-57-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1368-59-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1368-60-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1368-61-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1368-62-0x0000000000400000-0x0000000000675000-memory.dmp

    Filesize

    2.5MB

    Download