7ccda29962346c5be332fc6507324cd9b9152a5760720ad046b0a242439c24ea

Analysis

max time kernel
175s
max time network
191s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
30/11/2022, 23:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7ccda29962346c5be332fc6507324cd9b9152a5760720ad046b0a242439c24ea.exe
Size

34KB
MD5

87ce1cb31ce616fe9cb151596e55182f
SHA1

afc859ae99e185b2291453accd90846d8dbc7b5b
SHA256

7ccda29962346c5be332fc6507324cd9b9152a5760720ad046b0a242439c24ea
SHA512

a6bd60f6822d8dbe8a997bd2d970e8b5620bab6c69368c5a2d63b129ebe43ee980eeb24196f774f68d1fd711c1472965cbdbc61c7741184c41f4173c5dd8743d
SSDEEP

768:SCIqdH/k1ZVcT194jp4Tmh/jpCwhW2NOzgwL:SNqaLV8a6K1NwH

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1984-54-0x0000000000800000-0x000000000080D000-memory.dmp	upx
behavioral1/memory/1984-56-0x0000000000800000-0x000000000080D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Traybar = "C:\\Windows\\lsass.exe"	7ccda29962346c5be332fc6507324cd9b9152a5760720ad046b0a242439c24ea.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\lsass.exe	7ccda29962346c5be332fc6507324cd9b9152a5760720ad046b0a242439c24ea.exe
File created	C:\Windows\lsass.exe	7ccda29962346c5be332fc6507324cd9b9152a5760720ad046b0a242439c24ea.exe

C:\Users\Admin\AppData\Local\Temp\7ccda29962346c5be332fc6507324cd9b9152a5760720ad046b0a242439c24ea.exe
"C:\Users\Admin\AppData\Local\Temp\7ccda29962346c5be332fc6507324cd9b9152a5760720ad046b0a242439c24ea.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:1984

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1984-54-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download
memory/1984-55-0x0000000075761000-0x0000000075763000-memory.dmp

Filesize
8KB

Download
memory/1984-56-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download