Analysis

  • max time kernel
    366s
  • max time network
    427s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/11/2022, 09:48 UTC

General

  • Target

    a31861c6507bb127f3b7c75345eaff6131e56cc4442cfaae023656bfb3800035.exe

  • Size

    931KB

  • MD5

    ba2f46f429a21b86a494b52d071b9d63

  • SHA1

    9662270f14cf9d03bab665404f363410fc6c3f8b

  • SHA256

    a31861c6507bb127f3b7c75345eaff6131e56cc4442cfaae023656bfb3800035

  • SHA512

    2b84b06219ca3d262b5586dc9ca50fe6ddf3a1ac393d624e3a093c62cb567a264d0334f1f80e5b5efad379b70a4051e90413d158814cfec592db517047aa0bfa

  • SSDEEP

    24576:y6IMwPvmB/wWq+5DUTt7FGSwmpu8nL6YKW:y6j19rut7FoU56s

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

    In this run the first process (PID 4392) calls WriteProcessMemory and SetThreadContext while a second copy of the same executable (PID 2660) is running. Writing into another process and then resetting one of its threads' context is the sequence used by process hollowing, so the child's image region (0x400000-0x4EA000, dumped under Downloads) is where the unpacked payload should be looked for. SetWindowsHookEx is called by the child; it is used legitimately for UI hooks and by malware for keystroke capture, so on its own it is only a weak indicator.
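As an added example, not part of this report and not the sandbox's own signature logic, the following standard-library Python script applies the UPX heuristics the "UPX packed file" signature above describes: stock UPX section names, the "UPX!" marker the UPX stub writes into its header, and the layout in which the first section has no raw data on disk because the stub decompresses into it at run time. The section names and marker are assumptions about stock UPX; a modified build that renames its sections defeats the name check, which is why the layout check is included as well. The PE headers produced by build_pe are constructed for the example and are not the analysed sample.

```python
"""Heuristic UPX check for PE files, standard library only (added example)."""
import struct
import sys

# Section names used by stock UPX (assumption about the stock packer).
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_sections(data: bytes) -> list:
    """Parse the PE section table held in memory.

    Returns a list of (name, virtual_size, raw_size) tuples, or [] when the
    bytes do not start with a well-formed MZ/PE header.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size              # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        off = table + i * 40
        if off + 40 > len(data):
            break                             # truncated table: stop, do not crash
        name = data[off:off + 8].rstrip(b"\0")
        vsize, _vaddr, rsize = struct.unpack_from("<III", data, off + 8)
        sections.append((name, vsize, rsize))
    return sections


def upx_indicators(data: bytes) -> list:
    """Return the UPX indicators found, in a fixed order; [] means none."""
    hits = []
    sections = pe_sections(data)
    if any(name in UPX_SECTION_NAMES for name, _, _ in sections):
        hits.append("upx-section-names")
    # Stock and renamed UPX builds share one layout: the first section has
    # no bytes on disk but a large virtual size reserved for the unpacked code.
    if sections:
        _, vsize, rsize = sections[0]
        if rsize == 0 and vsize > 0:
            hits.append("empty-first-section")
    if b"UPX!" in data:                       # stub marker (assumption: stock UPX)
        hits.append("upx-magic")
    return hits


def build_pe(sections) -> bytes:
    """Build a minimal PE32+ header with the given (name, vsize, rsize) sections.

    Constructed for the example only; the result is not a loadable executable.
    """
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt = struct.pack("<H", 0x20B).ljust(240, b"\0")          # PE32+ magic, rest zero
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, len(opt), 0x22)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000, rsize, 0x400, 0, 0, 0, 0, 0x60000020)
        for name, vsize, rsize in sections
    )
    return dos + b"PE\0\0" + coff + opt + table


if __name__ == "__main__":
    # Usage: python upx_check.py <file.exe> [...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, upx_indicators(fh.read()) or "no UPX indicators")
```

The three indicators are deliberately reported separately: a name match alone is trivially removable by an attacker, the empty first section survives renaming but also matches some non-UPX packers, and the marker string can appear in files that merely embed a UPX-packed resource.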

Processes

  • C:\Users\Admin\AppData\Local\Temp\a31861c6507bb127f3b7c75345eaff6131e56cc4442cfaae023656bfb3800035.exe
    "C:\Users\Admin\AppData\Local\Temp\a31861c6507bb127f3b7c75345eaff6131e56cc4442cfaae023656bfb3800035.exe"
    1⤵
    • Checks BIOS information in registry
    • Maps connected drives based on registry
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4392
    • C:\Users\Admin\AppData\Local\Temp\a31861c6507bb127f3b7c75345eaff6131e56cc4442cfaae023656bfb3800035.exe
      "C:\Users\Admin\AppData\Local\Temp\a31861c6507bb127f3b7c75345eaff6131e56cc4442cfaae023656bfb3800035.exe" Track="0001001000"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:2660

Network

  DNS

    Query      i8i8i7r4kst.7uspe9k7k.com (IN A)
    Process    a31861c6507bb127f3b7c75345eaff6131e56cc4442cfaae023656bfb3800035.exe
    Server     8.8.8.8:53
    Response   no resolved address is listed in the report

  Flows (direction of the byte counts follows the DNS entry, where the 71 B request precedes the 144 B response)

    Remote address        Traffic                 Packets
    93.184.221.240:80     52 B                    1
    72.21.91.29:80        46 B out, 40 B in       1 out, 1 in
    93.184.221.240:80     322 B                   7
    40.79.150.121:443     322 B                   7
    20.40.136.238:443     40 B                    1
    104.80.225.205:443    322 B                   7
    8.248.3.254:80        46 B out, 40 B in       1 out, 1 in
    8.8.8.8:53 (dns)      71 B out, 144 B in      1 out, 1 in

  Only the DNS flow is attributed to the sample's process in the report; the remaining flows carry no process attribution, so they should not be treated as sample traffic without further evidence.


Downloads

  Memory dumps of PID 2660, region 0x0000000000400000-0x00000000004EA000, 936KB each:

  • memory/2660-133-0x0000000000400000-0x00000000004EA000-memory.dmp
  • memory/2660-135-0x0000000000400000-0x00000000004EA000-memory.dmp
  • memory/2660-136-0x0000000000400000-0x00000000004EA000-memory.dmp
  • memory/2660-137-0x0000000000400000-0x00000000004EA000-memory.dmp
