Overview

overview

8

Static

static

8

246f8731c4...6b.exe

windows7-x64

8

246f8731c4...6b.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    168s
  • max time network
    189s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-11-2022 08:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    246f8731c4021c3c9bb7cdc53f72ae98a9fa01cc38e6bddaf0db08eb2c22376b.exe

  • Size

    49KB

  • MD5

    437161136f557dd8aa12ae9a02492630

  • SHA1

    7f943b0d89b6f7ca2eabf48a59210608857f8361

  • SHA256

    246f8731c4021c3c9bb7cdc53f72ae98a9fa01cc38e6bddaf0db08eb2c22376b

  • SHA512

    95bdf701b33b8993d1bfcdd75ec8da45e607f89fddc0105f5af730cf21ceb4d3589819bef734262594da319a8a2a8c930b16626d8e5ed354eb12cbc755cef42e

  • SSDEEP

    1536:91QPAzA0bWaBr6Dyc+dv+MdeqvswW7WurRd3:91QPYbD6D52mFqvsn7Vd3

Score
8/10
upxvmprotect

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\246f8731c4021c3c9bb7cdc53f72ae98a9fa01cc38e6bddaf0db08eb2c22376b.exe
    "C:\Users\Admin\AppData\Local\Temp\246f8731c4021c3c9bb7cdc53f72ae98a9fa01cc38e6bddaf0db08eb2c22376b.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: LoadsDriver
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4632
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c c:\uisad.bat
      2⤵
        PID:3748

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\bnsspx.dll
      Filesize

      52KB

      MD5

      b1c65f5eee9c0ac609e79a3b7fb92bf1

      SHA1

      a87a15f7ef332e87e34aeef19c62499957c2dceb

      SHA256

      1d9d140865cddc93e7e021d6f185812eff1f1f19f76e6a0d90030511ff8d4037

      SHA512

      9fb52f6b5dfc3eeff9b74d818ade74b7a4f2bb8694e89ead48c42e1994474a7b185379712424711c36a53c5fa9482a4a568fc23086f9279c5a872ac09c802d1c

      Download Submit
    • \??\c:\uisad.bat
      Filesize

      249B

      MD5

      9cbe296331a52c92fccd3b985403c2f7

      SHA1

      e7bd82f72516bb899e1afe9440443580445f5294

      SHA256

      b89ff2ebcc13edb467b0247f8d7e938d8b07bf0c9cdcb21dc1d053626a18fb04

      SHA512

      c103d76d2bfa986aabac5f8a925d5dd6bc9fbe062659e45353fec4e00780ccea0d5dacdd3b79a5252a72885ec57652bf150b34e1c4f751343d2a676bdf8778c4

      Download Submit
    • memory/3748-135-0x0000000000000000-mapping.dmp
      Download
    • memory/4632-132-0x0000000000400000-0x0000000000416000-memory.dmp
      Filesize

      88KB

      Download
    • memory/4632-133-0x0000000000400000-0x0000000000416000-memory.dmp
      Filesize

      88KB

      Download
    • memory/4632-136-0x0000000000400000-0x0000000000416000-memory.dmp
      Filesize

      88KB

      Download