Overview

overview

10

Static

static

8

d80e8d886e...6d.exe

windows7-x64

10

d80e8d886e...6d.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    91s
  • max time network
    110s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 21:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d80e8d886eba78704e090cbee74b6628f21352a57fc870c2c99064ea2563b06d.exe

  • Size

    652KB

  • MD5

    29b0c574a132ce32f3ec06a951a73cb7

  • SHA1

    c4dcf8d8236b64f1dd44f2c3ec4abc93cfa0be56

  • SHA256

    d80e8d886eba78704e090cbee74b6628f21352a57fc870c2c99064ea2563b06d

  • SHA512

    65e175a6cc9cfae3e6d0932190005a45dfcfae4e2a05a5f2cb4d0811acbbaf7b029c16541c5ad6028912db823081276cb97a24efd0b701b0724b447e57883591

  • SSDEEP

    12288:DkXSVWWAuE+ppEOyWMKQ2NywhyvOCrgPxp/jN0ji23R3Yh6dFJyl0GwXRlMe:9ZAulrLmK1RsOCrg/jNN2R04FJylgB+e

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d80e8d886eba78704e090cbee74b6628f21352a57fc870c2c99064ea2563b06d.exe
    "C:\Users\Admin\AppData\Local\Temp\d80e8d886eba78704e090cbee74b6628f21352a57fc870c2c99064ea2563b06d.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:644
    • C:\Users\Admin\AppData\Local\Temp\d80e8d886eba78704e090cbee74b6628f21352a57fc870c2c99064ea2563b06dmgr.exe
      C:\Users\Admin\AppData\Local\Temp\d80e8d886eba78704e090cbee74b6628f21352a57fc870c2c99064ea2563b06dmgr.exe
      2⤵
      • Executes dropped EXE
      PID:3816
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 264
        3⤵
        • Program crash
        PID:4760
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3816 -ip 3816
    1⤵
      PID:2384

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\d80e8d886eba78704e090cbee74b6628f21352a57fc870c2c99064ea2563b06dmgr.exe
      Filesize

      105KB

      MD5

      98a8ced05b34189b8b36760049b2ea36

      SHA1

      a5271250fb91d891c7df0cae7812ed68907ae076

      SHA256

      e50689964fa016ff34ad6517bb863e26e571f907635e719f1fe5e70a61763d95

      SHA512

      8548b7dc08007fe55e2b7f9bf502c7271655edff52100bb8445a321f37137139c0cd54f7f85558a2f99b38dd574c8435371adc07f8c365bf8a8561c63fe6be45

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\d80e8d886eba78704e090cbee74b6628f21352a57fc870c2c99064ea2563b06dmgr.exe
      Filesize

      105KB

      MD5

      98a8ced05b34189b8b36760049b2ea36

      SHA1

      a5271250fb91d891c7df0cae7812ed68907ae076

      SHA256

      e50689964fa016ff34ad6517bb863e26e571f907635e719f1fe5e70a61763d95

      SHA512

      8548b7dc08007fe55e2b7f9bf502c7271655edff52100bb8445a321f37137139c0cd54f7f85558a2f99b38dd574c8435371adc07f8c365bf8a8561c63fe6be45

      Download Submit

    • memory/644-135-0x0000000000400000-0x0000000000B69000-memory.dmp

      Filesize

      7.4MB

      Download

    • memory/644-137-0x0000000000400000-0x0000000000B69000-memory.dmp

      Filesize

      7.4MB

      Download

    • memory/3816-132-0x0000000000000000-mapping.dmp

      Download

    • memory/3816-136-0x0000000000400000-0x0000000000463000-memory.dmp

      Filesize

      396KB

      Download