Overview

overview

8

Static

static

8

49e492320f...0a.exe

windows7-x64

8

49e492320f...0a.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    152s
  • max time network
    205s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-11-2022 13:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    49e492320f8d038fbe4002436a6b7c7178d4947ca426d444f1a86fc1096c730a.exe

  • Size

    28KB

  • MD5

    041552a11fb37f818e2704a1ea567060

  • SHA1

    854d19c0fb09118ecf446aa94b1acac1a1ca1c45

  • SHA256

    49e492320f8d038fbe4002436a6b7c7178d4947ca426d444f1a86fc1096c730a

  • SHA512

    c2f001989c52f5a26e449152d09281d146ae6ddca2386faa1d746912477aa213b2e9e67be70232fc58ac10303c542e320a3e4553c1c75ff79f6ddc98d008a3fe

  • SSDEEP

    384:1vxBbK26lj5Id8SpHx9jLhsznnVxA1WmP5w7GGCJlqqwMyNUr2P+:Dv8IRRdsxq1DjJcqf5O+

Score
8/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\49e492320f8d038fbe4002436a6b7c7178d4947ca426d444f1a86fc1096c730a.exe
    "C:\Users\Admin\AppData\Local\Temp\49e492320f8d038fbe4002436a6b7c7178d4947ca426d444f1a86fc1096c730a.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4044
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:204

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    1KB

    MD5

    ebd5974d43fd7f1b95074f11fb739bc9

    SHA1

    47262157ce0d7f276372bbc0b948ce3a7e4c6fb4

    SHA256

    f49dead28c7296e51083b98a37f1fd0f9715304320ded8a5fd46206c34721b71

    SHA512

    a342bf41f2cb4f545eb929ff900db0d8a17583d30bde159cce912afb0e0e4bef3b66c52e771c1fc33b5bdb5aa9b0d92abddb5fd07bd451b2442e60e78c31971c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    1KB

    MD5

    fc96b295c5de8042620fd588406b7444

    SHA1

    686a2dcf12a4474b7673bbaa5d56ce5f0122a5ef

    SHA256

    dc7388447472d611fbb2bc7de415f9f919cbe1d7999aa33fbfa08fddf2bfc980

    SHA512

    8ac52c6c24c31ab49fb305447c739695f605b4408fb741cc4dc356a419709b061cd1bd0a9f464e8f1ee02951595792a491399ef7fbed66c10bc6e7d7730e70fa

    Download Submit

  • C:\Windows\services.exe
    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

    Download Submit

  • C:\Windows\services.exe
    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

    Download Submit

  • memory/204-136-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/204-138-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4044-135-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download