Overview

overview

8

Static

static

8

EditServer.exe

windows7-x64

8

EditServer.exe

windows10-2004-x64

8

ICQMAPI.dll

windows7-x64

1

ICQMAPI.dll

windows10-2004-x64

1

SubSeven.exe

windows7-x64

8

SubSeven.exe

windows10-2004-x64

8

server.exe

windows7-x64

8

server.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    137s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/11/2022, 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SubSeven.exe

  • Size

    613KB

  • MD5

    26c122a016edb38cb80d9fa9e27220a3

  • SHA1

    8431819a3e29ecaf65dc3ed4dc0443aa67248fee

  • SHA256

    094ecd3d627f1e563889e15e4f2d1042bd54db9d9bb130d9ffced73a893a9240

  • SHA512

    e5b827a1ca74c3ce35c6664b245e847033bc8db02505348fc5a50639c74e64b7d79940a37fef61da88c1991ed50cf015c53f7564f2a141c4aae876ecc605e167

  • SSDEEP

    12288:CdMRAM+z2pPi05svs2+4zQgkxFkybdL1nAw4f4wxiHp1gNyl/+zjyquLAMY:CdWp6bvHzX+n/m4wxQT+2WhVp

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 6 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SubSeven.exe
    "C:\Users\Admin\AppData\Local\Temp\SubSeven.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/456-132-0x0000000000400000-0x00000000005EE000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/456-133-0x0000000000400000-0x00000000005EE000-memory.dmp

    Filesize

    1.9MB

    Download