Analysis

  • max time kernel
    27s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/12/2022, 17:46

General

  • Target

    c97ca9f2c3b9a9f7770c669bf0afb0184dc6c53669ff45c92b53ab62d9f7a5e5.exe

  • Size

    66KB

  • MD5

    b99f372ea7abbdcdc98a772f092d05e1

  • SHA1

    837de335e3445fc97cfd609721fca53cb10e31ef

  • SHA256

    c97ca9f2c3b9a9f7770c669bf0afb0184dc6c53669ff45c92b53ab62d9f7a5e5

  • SHA512

    b3cbb510c34cdd0a1dedccac4969a129833d5f05b14d591cc824cf50a6c29a0a34e97df6dd40a09cc97133d20b20d0544c23911d3bc750fe3bc1c7472cbfaf5f

  • SSDEEP

    1536:kbEt26/jLp82dpNikzPQuHuLKxUiRKNCri+EdjyEW7:jT/5PN/i3tQrHEhyEW7

Score
8/10

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Runs .reg file with regedit 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c97ca9f2c3b9a9f7770c669bf0afb0184dc6c53669ff45c92b53ab62d9f7a5e5.exe
    "C:\Users\Admin\AppData\Local\Temp\c97ca9f2c3b9a9f7770c669bf0afb0184dc6c53669ff45c92b53ab62d9f7a5e5.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:856
    • C:\Windows\SysWOW64\regedit.exe
      regedit /s "C:\Users\Admin\AppData\Local\Temp\Certificates.reg"
      2⤵
      • Runs .reg file with regedit
      PID:896
    • C:\Users\Admin\AppData\Local\Temp\c97ca9f2c3b9a9f7770c669bf0afb0184dc6c53669ff45c92b53ab62d9f7a5e5.exe
      C:\Users\Admin\AppData\Local\Temp\c97ca9f2c3b9a9f7770c669bf0afb0184dc6c53669ff45c92b53ab62d9f7a5e5.exe
      2⤵
      PID:1072

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Certificates.reg

    Filesize
    10KB

    MD5
    8a6f74c3b2c9e752bf85259e383e9555

    SHA1
    fd6b9587350685fa60d0e3126913e76cbdd1ee0a

    SHA256
    b142b3d5d587b1b489373dbff6689547da0428fc72e889ac29fd0e259ff7c4e3

    SHA512
    93861ace47838b0fe066ec42c29c969e3df9c333bc76ef0e071a54a04117c9683546eeed2da6e8209f4067c94735438e6511c73aef1d84d1b162ae799e841677

  • memory/896-60-0x0000000075D01000-0x0000000075D03000-memory.dmp

    Filesize
    8KB

  • memory/1072-55-0x0000000010000000-0x000000001004D000-memory.dmp

    Filesize
    308KB

  • memory/1072-56-0x0000000010000000-0x000000001004D000-memory.dmp

    Filesize
    308KB

  • memory/1072-59-0x0000000010000000-0x000000001004D000-memory.dmp

    Filesize
    308KB

  • memory/1072-62-0x0000000010000000-0x000000001004D000-memory.dmp

    Filesize
    308KB