Overview

overview

8

Static

static

ee8539045d...96.exe

windows7-x64

8

ee8539045d...96.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-11-2022 12:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ee8539045df3985df51d75198f71f9bfbef6719e235b197d0f982e72432bb796.exe

  • Size

    1.8MB

  • MD5

    ad3a12c1383de37a8a7d2529e0dfb4e3

  • SHA1

    8488b5cda1c39e2c1d78167881e049a8c71ed915

  • SHA256

    ee8539045df3985df51d75198f71f9bfbef6719e235b197d0f982e72432bb796

  • SHA512

    7b9b6a4907a7efea99b592ca96cf7342886fee95345438f21d7491acff17efac787ace3745e94067cd5794d4476310f020155e765dece15ab9d2e9b9f7ab70f6

  • SSDEEP

    49152:413xfgb7UEl3LA/Y7EcqctC4FIi1XdMuhPpTiQwmg:shCwdYSctVhuuhNwmg

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 24 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of NtSetInformationThreadHideFromDebugger 38 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ee8539045df3985df51d75198f71f9bfbef6719e235b197d0f982e72432bb796.exe
    "C:\Users\Admin\AppData\Local\Temp\ee8539045df3985df51d75198f71f9bfbef6719e235b197d0f982e72432bb796.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Suspicious use of SetWindowsHookEx
    PID:4692

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4692-132-0x0000000000400000-0x0000000000671000-memory.dmp
    Filesize

    2.4MB

    Download
  • memory/4692-133-0x0000000077880000-0x0000000077A23000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4692-134-0x00000000760F0000-0x0000000076305000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/4692-136-0x0000000075F50000-0x00000000760F0000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4692-137-0x0000000077640000-0x00000000776BA000-memory.dmp
    Filesize

    488KB

    Download
  • memory/4692-1481-0x0000000000400000-0x0000000000671000-memory.dmp
    Filesize

    2.4MB

    Download
  • memory/4692-1482-0x0000000000400000-0x0000000000671000-memory.dmp
    Filesize

    2.4MB

    Download
  • memory/4692-1483-0x0000000000400000-0x0000000000671000-memory.dmp
    Filesize

    2.4MB

    Download
  • memory/4692-1484-0x0000000000400000-0x0000000000671000-memory.dmp
    Filesize

    2.4MB

    Download
  • memory/4692-1486-0x0000000000400000-0x0000000000671000-memory.dmp
    Filesize

    2.4MB

    Download
  • memory/4692-1487-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/4692-1489-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/4692-1488-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/4692-1491-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/4692-1493-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/4692-1495-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/4692-1497-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/4692-1499-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/4692-1501-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/4692-1503-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/4692-1507-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/4692-1505-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/4692-1509-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/4692-1511-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/4692-1513-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/4692-1515-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/4692-1517-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/4692-1519-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/4692-1521-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/4692-1523-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/4692-1526-0x0000000000400000-0x0000000000671000-memory.dmp
    Filesize

    2.4MB

    Download
  • memory/4692-1528-0x00000000023E0000-0x00000000024E0000-memory.dmp
    Filesize

    1024KB

    Download
  • memory/4692-1529-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/4692-1525-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/4692-1531-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/4692-1532-0x0000000000400000-0x0000000000671000-memory.dmp
    Filesize

    2.4MB

    Download
  • memory/4692-1533-0x00000000023E0000-0x00000000024E0000-memory.dmp
    Filesize

    1024KB

    Download
  • memory/4692-1534-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/4692-1535-0x0000000000400000-0x0000000000671000-memory.dmp
    Filesize

    2.4MB

    Download