Overview

overview

8

Static

static

2ffccd6cee...5f.exe

windows7-x64

8

2ffccd6cee...5f.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    181s
  • max time network
    182s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/11/2022, 14:44 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2ffccd6ceeb12193cd8c9f825b6113d00da2182c0362a4ec760921439780b35f.exe

  • Size

    935KB

  • MD5

    8990d8ace40fd93327a9c80a0827b8ca

  • SHA1

    dac5d723c6154d677884a39d73b23295ffe01d1c

  • SHA256

    2ffccd6ceeb12193cd8c9f825b6113d00da2182c0362a4ec760921439780b35f

  • SHA512

    0511648cfbbe4931346640cbd6dfff2a17d3f62d7fc56707ff925ddfbc9f32c9b76fece62a46e7c6887050410507dbd38d48d93843a1b21ac7e4156bcae3c574

  • SSDEEP

    12288:p5Yr15f753d5QWIDz/Wz9NCyzHinLipNDJ5eoFb0OZ/WiGaks+HL63S27x4:pyHv5Z+Wzv7AiBll0OBWi6si9G

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ffccd6ceeb12193cd8c9f825b6113d00da2182c0362a4ec760921439780b35f.exe
    "C:\Users\Admin\AppData\Local\Temp\2ffccd6ceeb12193cd8c9f825b6113d00da2182c0362a4ec760921439780b35f.exe"
    1⤵
    • Checks BIOS information in registry
    • Maps connected drives based on registry
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3716
    • C:\Users\Admin\AppData\Local\Temp\2ffccd6ceeb12193cd8c9f825b6113d00da2182c0362a4ec760921439780b35f.exe
      "C:\Users\Admin\AppData\Local\Temp\2ffccd6ceeb12193cd8c9f825b6113d00da2182c0362a4ec760921439780b35f.exe" Track="0001101000"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:748

Network

  • flag-unknown
    DNS
    j9u4b98oz16k4.bo0v3029w.com
    2ffccd6ceeb12193cd8c9f825b6113d00da2182c0362a4ec760921439780b35f.exe
    Remote address:
    8.8.8.8:53
    Request
    j9u4b98oz16k4.bo0v3029w.com
    IN A
    Response
  • flag-unknown
    DNS
    151.122.125.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    151.122.125.40.in-addr.arpa
    IN PTR
    Response
  • flag-unknown
    DNS
    j9u4b98oz16k4.bo0v3029w.com
    2ffccd6ceeb12193cd8c9f825b6113d00da2182c0362a4ec760921439780b35f.exe
    Remote address:
    8.8.8.8:53
    Request
    j9u4b98oz16k4.bo0v3029w.com
    IN A
    Response
  • flag-unknown
    DNS
    226.101.242.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    226.101.242.52.in-addr.arpa
    IN PTR
    Response
  • 209.197.3.8:80
    260 B
     5
  • 87.248.202.1:80
    322 B
     7
  • 209.197.3.8:80
    322 B
     7
  • 209.197.3.8:80
    322 B
     7
  • 104.80.225.205:443
    322 B
     7
  • 209.197.3.8:80
    260 B
     5
  • 8.8.8.8:53
    j9u4b98oz16k4.bo0v3029w.com
    dns
    2ffccd6ceeb12193cd8c9f825b6113d00da2182c0362a4ec760921439780b35f.exe
    73 B
     146 B
     1
    1

    DNS Request

    j9u4b98oz16k4.bo0v3029w.com

  • 8.8.8.8:53
    151.122.125.40.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    151.122.125.40.in-addr.arpa

  • 8.8.8.8:53
    j9u4b98oz16k4.bo0v3029w.com
    dns
    2ffccd6ceeb12193cd8c9f825b6113d00da2182c0362a4ec760921439780b35f.exe
    73 B
     146 B
     1
    1

    DNS Request

    j9u4b98oz16k4.bo0v3029w.com

  • 8.8.8.8:53
    226.101.242.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    226.101.242.52.in-addr.arpa

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/748-133-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

    Download

  • memory/748-135-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

    Download

  • memory/748-136-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

    Download

  • memory/748-137-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

    Download

  • memory/748-138-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

    Download

  • memory/748-139-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.