Overview

overview

8

Static

static

8

617b49967b...37.exe

windows7-x64

8

617b49967b...37.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    162s
  • max time network
    178s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/12/2022, 09:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    617b49967b344118cc68867521c69df11b05b957f6278b3a3743feae00b49237.exe

  • Size

    28KB

  • MD5

    47f9a0351fda87806182eae6bc2c37b3

  • SHA1

    7a84b8c6d63429888069b760e3d9333f168aa45e

  • SHA256

    617b49967b344118cc68867521c69df11b05b957f6278b3a3743feae00b49237

  • SHA512

    e921bdaca71a9e0264a7178e7321600c245ecbda41844442c230bfb28bb056dfb8436464b37408d12a18668a2ed53806a694568a9709529df4caf23430a60346

  • SSDEEP

    384:1vxBbK26lj5Id8SpHx9jLhsznnVxA1WmP5w7GGCJlqqwMyNAC:Dv8IRRdsxq1DjJcqfA

Score
8/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\617b49967b344118cc68867521c69df11b05b957f6278b3a3743feae00b49237.exe
    "C:\Users\Admin\AppData\Local\Temp\617b49967b344118cc68867521c69df11b05b957f6278b3a3743feae00b49237.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1812
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:5064

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    1KB

    MD5

    b417db854745152a783b6d1084e24b7a

    SHA1

    045b229d9de69add88d80bb29b14387cec64e8de

    SHA256

    d6d6c02e7f5cd50fff8ba7fca11e1c730f464656f25c2f7ca34c60e006b14a7c

    SHA512

    1bd88a2e5cbb9e77a8adcc4d2d9938ecd502f5217392e92f1ddb25daf28ffaa5b652a994e56f420e167163840f7fd545a3dd28fa970f5e63f027a6f088244fa0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    1KB

    MD5

    47aad6160441313787ecbb6771b236f8

    SHA1

    626b964ecae912720039902ad7a24e68375724f9

    SHA256

    b29a0be57dccec9a0b9cb15c02ac0bf6207645df208539177e799c6062a993f8

    SHA512

    619b2e28e24078196b4af461bb6b386e0882a97b05ebabaed4bbd5ad749e467f8f08d7436c99a92a7a7106a77213fcec3a6a054eaa78c64a570c33e5613860e4

    Download Submit

  • C:\Windows\services.exe
    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

    Download Submit

  • C:\Windows\services.exe
    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

    Download Submit

  • memory/1812-136-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5064-137-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/5064-138-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download