Overview

overview

8

Static

static

823ee3bb77...0a.exe

windows7-x64

8

823ee3bb77...0a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    231s
  • max time network
    333s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    25/11/2022, 11:57

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    823ee3bb77c1078d087cec0ccbd1642eab3b8b1f6c0d431d0c6c0a585e7aa10a.exe

  • Size

    2.0MB

  • MD5

    0db1d4623cc81052c63a05eb865fdfe4

  • SHA1

    e76646d979dd1fb4f5e864e46ca217e8ad6da1fa

  • SHA256

    823ee3bb77c1078d087cec0ccbd1642eab3b8b1f6c0d431d0c6c0a585e7aa10a

  • SHA512

    f0bcbcbeaf81fe75f3b4a6c1e7ee853323fa89fb13763bdad67d9ec0f231e21d2ed0e7fbade7c80dec8b6928fa7ae8d8d405d758cf8dbc7254bc9f8c84990edd

  • SSDEEP

    49152:U8s+BRmbo33skK2wkZY+0FP56pxY1eL1HWAra0dWZXzzZIHdi:kCgoncDphc61ZcLWxzziHI

Score
8/10
evasionupx

Malware Config

Signatures

  • UPX packed file 24 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\823ee3bb77c1078d087cec0ccbd1642eab3b8b1f6c0d431d0c6c0a585e7aa10a.exe
    "C:\Users\Admin\AppData\Local\Temp\823ee3bb77c1078d087cec0ccbd1642eab3b8b1f6c0d431d0c6c0a585e7aa10a.exe"
    1⤵
    • Identifies Wine through registry keys
    • Enumerates connected drives
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:596

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/596-54-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/596-55-0x0000000002100000-0x00000000021DD000-memory.dmp

          Filesize

          884KB

          Download

        • memory/596-56-0x0000000075FF1000-0x0000000075FF3000-memory.dmp

          Filesize

          8KB

          Download

        • memory/596-57-0x0000000004270000-0x00000000042AD000-memory.dmp

          Filesize

          244KB

          Download

        • memory/596-58-0x0000000004270000-0x00000000042AD000-memory.dmp

          Filesize

          244KB

          Download

        • memory/596-59-0x0000000004270000-0x00000000042AD000-memory.dmp

          Filesize

          244KB

          Download

        • memory/596-61-0x0000000004270000-0x00000000042AD000-memory.dmp

          Filesize

          244KB

          Download

        • memory/596-63-0x0000000004270000-0x00000000042AD000-memory.dmp

          Filesize

          244KB

          Download

        • memory/596-65-0x0000000004270000-0x00000000042AD000-memory.dmp

          Filesize

          244KB

          Download

        • memory/596-67-0x0000000004270000-0x00000000042AD000-memory.dmp

          Filesize

          244KB

          Download

        • memory/596-69-0x0000000004270000-0x00000000042AD000-memory.dmp

          Filesize

          244KB

          Download

        • memory/596-71-0x0000000004270000-0x00000000042AD000-memory.dmp

          Filesize

          244KB

          Download

        • memory/596-73-0x0000000004270000-0x00000000042AD000-memory.dmp

          Filesize

          244KB

          Download

        • memory/596-75-0x0000000004270000-0x00000000042AD000-memory.dmp

          Filesize

          244KB

          Download

        • memory/596-77-0x0000000004270000-0x00000000042AD000-memory.dmp

          Filesize

          244KB

          Download

        • memory/596-79-0x0000000004270000-0x00000000042AD000-memory.dmp

          Filesize

          244KB

          Download

        • memory/596-81-0x0000000004270000-0x00000000042AD000-memory.dmp

          Filesize

          244KB

          Download

        • memory/596-83-0x0000000004270000-0x00000000042AD000-memory.dmp

          Filesize

          244KB

          Download

        • memory/596-85-0x0000000004270000-0x00000000042AD000-memory.dmp

          Filesize

          244KB

          Download

        • memory/596-87-0x0000000004270000-0x00000000042AD000-memory.dmp

          Filesize

          244KB

          Download

        • memory/596-89-0x0000000004270000-0x00000000042AD000-memory.dmp

          Filesize

          244KB

          Download

        • memory/596-91-0x0000000004270000-0x00000000042AD000-memory.dmp

          Filesize

          244KB

          Download

        • memory/596-95-0x0000000004270000-0x00000000042AD000-memory.dmp

          Filesize

          244KB

          Download

        • memory/596-97-0x0000000004270000-0x00000000042AD000-memory.dmp

          Filesize

          244KB

          Download

        • memory/596-93-0x0000000004270000-0x00000000042AD000-memory.dmp

          Filesize

          244KB

          Download

        • memory/596-99-0x0000000004270000-0x00000000042AD000-memory.dmp

          Filesize

          244KB

          Download

        • memory/596-100-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/596-101-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/596-102-0x0000000004270000-0x00000000042AD000-memory.dmp

          Filesize

          244KB

          Download