Analysis

  • max time kernel
    54s
  • max time network
    58s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/11/2022, 16:06 UTC

General

  • Target

    105ca242058718ebe3d9f1ce09cb9212fc7f114896dc4c74a7b4d5bc7bbdfce9.exe

  • Size

    935KB

  • MD5

    379756c17a73a26817787c25121bbdf2

  • SHA1

    bad5f6beb03fd7bf84e69952592d4f5002b86ed1

  • SHA256

    105ca242058718ebe3d9f1ce09cb9212fc7f114896dc4c74a7b4d5bc7bbdfce9

  • SHA512

    9e559916ebdb5a0dfdf1fb83a32d9726319d2eb873c1c00a3dfd5d4ba0033fb566c719bcedd372dd619603caad7a86a11e16ba2601ea888859d8e175b3703659

  • SSDEEP

    12288:o5Yr15f753d5QWIDz/Wz9NCyzHinLipNDJ5eoFb0OZ/WiGaks+HL63S27x4o:oyHv5Z+Wzv7AiBll0OBWi6si9GZ

Score
8/10
upx
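
The "upx" tag and the "UPX packed file" signature further down rest on static tells in the PE header. The script below is an added example, not part of the sandbox report, and it does not read the sample itself (which is not on this page): it parses the section table of a PE image built inline and reports the two cheapest UPX tells, the UPX0/UPX1 section names and a first section that occupies no bytes on disk but reserves a large virtual range for the unpacked image. The signature text says "UPX/modified UPX" for a reason: a modified packer usually renames the sections, so only the second tell survives that, and a real detector also matches the decompression stub. All section layouts in the block are constructed.

```python
"""Minimal PE section-table reader with the two cheapest UPX tells, run on a
constructed PE header. Added example; the sample itself is not on the page."""
import struct

SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes


def read_sections(data):
    """Return the section table of a PE image as a list of dicts.
    Only the fields needed here are decoded; the optional header is skipped."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    num_sections, = struct.unpack_from("<H", data, pe_off + 6)  # COFF NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)     # COFF SizeOfOptionalHeader
    table_off = pe_off + 24 + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rawsize, rawptr, _rel, _ln, _nrel, _nln, flags = \
            SECTION_HEADER.unpack_from(data, table_off + i * SECTION_HEADER.size)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "virtual_address": vaddr,
            "raw_size": rawsize, "raw_offset": rawptr, "characteristics": flags,
        })
    return sections


def upx_indicators(sections):
    """Static tells for an unmodified UPX layout:
    1. section names UPX0/UPX1 (trivially defeated by renaming);
    2. a first section with no file data but a large virtual size: the
       destination into which the stub unpacks the original image."""
    hits = []
    names = [s["name"] for s in sections]
    if names[:2] == ["UPX0", "UPX1"]:
        hits.append("section names UPX0/UPX1")
    if sections and sections[0]["raw_size"] == 0 and sections[0]["virtual_size"] >= 0x10000:
        hits.append(f"first section has 0 raw bytes but 0x{sections[0]['virtual_size']:X} virtual bytes")
    return hits


def build_fake_pe(section_specs):
    """Construct just enough of a 32-bit PE (headers only, no code) to exercise
    the parser. Not a real executable and not derived from the sample."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)          # PE header directly after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, 224, 0x102)
    optional = bytearray(224)
    struct.pack_into("<H", optional, 0, 0x10B)    # PE32 magic
    table = b"".join(
        SECTION_HEADER.pack(name.ljust(8, b"\0"), vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, flags)
        for name, vsize, vaddr, rawsize, rawptr, flags in section_specs
    )
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional) + table


# Constructed layout resembling a stock UPX-packed PE32: UPX0 is empty on disk
# and reserves room for the unpacked image, UPX1 carries compressed data + stub.
PACKED = build_fake_pe([
    (b"UPX0",  0xD8000, 0x1000,  0x0,     0x400,   0xE0000080),
    (b"UPX1",  0x17000, 0xD9000, 0x16400, 0x400,   0xE0000040),
    (b".rsrc", 0x4000,  0xF0000, 0x3400,  0x16800, 0xC0000040),
])
# A plain, unpacked layout for contrast.
PLAIN = build_fake_pe([
    (b".text", 0x8000, 0x1000, 0x8000, 0x400,  0x60000020),
    (b".data", 0x2000, 0x9000, 0x1000, 0x8400, 0xC0000040),
])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED), ("plain", PLAIN)):
        secs = read_sections(blob)
        print(label, [s["name"] for s in secs], upx_indicators(secs) or "no UPX tells")
```

To run it against a real file, replace `PACKED` with `open(path, "rb").read()`; the parser needs only the headers, so reading the first 4 KB is enough for most binaries.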

Malware Config

Signatures

  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
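
The two registry signatures above ("Checks BIOS information in registry", "Maps connected drives based on registry") are the generic VM-fingerprinting checks: read the BIOS version strings under HKLM\HARDWARE\DESCRIPTION\System and the attached-disk identifiers under HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum, and look for hypervisor vendor names. The report does not say which strings this sample compared against, so the Python below, an added example and not part of the sandbox output, replays the check against two constructed registry snapshots, a stock VirtualBox guest and the same guest after scrubbing. The key paths are the standard Windows ones; the vendor-marker list is an assumption; collect_live_snapshot() reads the same keys on a real Windows host so a sandbox image can be checked before it is used for detonation.

```python
"""Registry-based VM/sandbox fingerprinting of the kind the two signatures
above describe, replayed offline against constructed registry snapshots."""
import re
import sys

# Standard Windows key paths read for this purpose. The vendor markers are an
# assumed, non-exhaustive list ("virtual" is deliberately broad).
BIOS_KEY = r"HARDWARE\DESCRIPTION\System"
BIOS_VALUES = ("SystemBiosVersion", "VideoBiosVersion")
DISK_ENUM_KEY = r"SYSTEM\CurrentControlSet\Services\Disk\Enum"
VENDOR_MARKERS = re.compile(r"vbox|virtualbox|vmware|qemu|bochs|xen|parallels|virtual", re.I)


def _as_strings(value):
    """REG_MULTI_SZ arrives as a list, REG_SZ as str; normalise to a list of str."""
    if isinstance(value, (list, tuple)):
        return [str(v) for v in value]
    return [str(value)]


def find_vm_indicators(snapshot):
    """snapshot: {key_path: {value_name: value}} mirroring the registry subtree.
    Returns [(key, value_name, matched_text), ...] for every vendor-marker hit."""
    hits = []
    bios = snapshot.get(BIOS_KEY, {})
    for name in BIOS_VALUES:
        for text in _as_strings(bios.get(name, [])):
            if VENDOR_MARKERS.search(text):
                hits.append((BIOS_KEY, name, text))
    # Disk\Enum holds one value per attached disk ("0", "1", ...) plus Count/NextInstance.
    for name, value in snapshot.get(DISK_ENUM_KEY, {}).items():
        if not name.isdigit():
            continue
        for text in _as_strings(value):
            if VENDOR_MARKERS.search(text):
                hits.append((DISK_ENUM_KEY, name, text))
    return hits


def collect_live_snapshot():
    """Read the same keys from the running machine (Windows only) so the
    check can be run inside a sandbox image before detonation."""
    if not sys.platform.startswith("win"):
        raise RuntimeError("live registry access requires Windows")
    import winreg  # stdlib, Windows only
    snapshot = {}
    for key_path in (BIOS_KEY, DISK_ENUM_KEY):
        values = {}
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
                i = 0
                while True:
                    try:
                        name, value, _kind = winreg.EnumValue(key, i)
                    except OSError:          # no more values
                        break
                    values[name] = value
                    i += 1
        except OSError:                      # key absent
            pass
        snapshot[key_path] = values
    return snapshot


# Constructed snapshots (not taken from the report): a stock VirtualBox guest
# and the same guest after the vendor strings were scrubbed.
STOCK_VBOX = {
    BIOS_KEY: {
        "SystemBiosVersion": ["VBOX   - 1", "BIOS Date: 12/01/06"],
        "VideoBiosVersion": ["Oracle VM VirtualBox Version 6.1 VGA BIOS"],
    },
    DISK_ENUM_KEY: {
        "Count": 1, "NextInstance": 1,
        "0": r"IDE\DiskVBOX_HARDDISK___________________________1.0_____\5&1a2b3c4d&0&0.0.0",
    },
}
SCRUBBED = {
    BIOS_KEY: {
        "SystemBiosVersion": ["DELL   - 1", "BIOS Date: 09/15/21"],
        "VideoBiosVersion": ["Intel Video BIOS"],
    },
    DISK_ENUM_KEY: {
        "Count": 1, "NextInstance": 1,
        "0": r"SCSI\Disk&Ven_Samsung&Prod_SSD_870_EVO\4&2a1b0c9d&0&000000",
    },
}

if __name__ == "__main__":
    for label, snap in (("stock VirtualBox", STOCK_VBOX), ("scrubbed", SCRUBBED)):
        hits = find_vm_indicators(snap)
        print(f"{label}: {len(hits)} indicator(s)")
        for hit in hits:
            print("   ", *hit)
```

Scrubbing these values is only the registry half of the problem; the same vendor strings are also reachable through SMBIOS tables, device names and driver files, so a clean result here does not mean the image is undetectable, only that these two signatures would not fire on it.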

Processes

  • C:\Users\Admin\AppData\Local\Temp\105ca242058718ebe3d9f1ce09cb9212fc7f114896dc4c74a7b4d5bc7bbdfce9.exe
    "C:\Users\Admin\AppData\Local\Temp\105ca242058718ebe3d9f1ce09cb9212fc7f114896dc4c74a7b4d5bc7bbdfce9.exe"
    1⤵
    • Checks BIOS information in registry
    • Maps connected drives based on registry
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Users\Admin\AppData\Local\Temp\105ca242058718ebe3d9f1ce09cb9212fc7f114896dc4c74a7b4d5bc7bbdfce9.exe
      "C:\Users\Admin\AppData\Local\Temp\105ca242058718ebe3d9f1ce09cb9212fc7f114896dc4c74a7b4d5bc7bbdfce9.exe" Track="0001001000"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1104

Network

  • DNS
    9aecqu663bjgnvs.i4fzg09.com
    105ca242058718ebe3d9f1ce09cb9212fc7f114896dc4c74a7b4d5bc7bbdfce9.exe
    Remote address:
    8.8.8.8:53
    Request
    9aecqu663bjgnvs.i4fzg09.com
    IN A
    Response
    No results found
  • 8.8.8.8:53
    9aecqu663bjgnvs.i4fzg09.com
    dns
    105ca242058718ebe3d9f1ce09cb9212fc7f114896dc4c74a7b4d5bc7bbdfce9.exe
    73 B
    146 B
    1
    1

    DNS Request

    9aecqu663bjgnvs.i4fzg09.com

MITRE ATT&CK Enterprise v6


Downloads

  • memory/1104-54-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/1104-55-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/1104-57-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/1104-58-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/1104-61-0x0000000074AB1000-0x0000000074AB3000-memory.dmp

    Filesize

    8KB

  • memory/1104-62-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/1104-63-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/1104-64-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/1104-65-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/1104-66-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB
