Overview

overview

8

Static

static

b0d0ed338f...82.exe

windows7-x64

8

b0d0ed338f...82.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    02/12/2022, 18:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b0d0ed338f6f4c0eccdb221c400198cea90ab061b209b497349bb22d06aae282.exe

  • Size

    744KB

  • MD5

    5d6c8c324388b67cf73c77c4dd89a15e

  • SHA1

    bbdc40b457755d92146da658a5adda077c09b80b

  • SHA256

    b0d0ed338f6f4c0eccdb221c400198cea90ab061b209b497349bb22d06aae282

  • SHA512

    8e89be117fded8906674c5f390f31e2ac37e1da700f01ee4ca3e13c1804b2042f8016244260ad9d7b8f4de4f948c6ae7f9234f628a8f6da0aa237f5470282a25

  • SSDEEP

    12288:/Ux9/feGbW8KmGd6qUuOGjzAFTDXc/WAOqH+Za2DgCyb9IQMUYkg2Bb:w/GsWYGbYc/WAOU+TD9fhCg2Bb

Score
8/10
discoverypersistenceupx

Malware Config

Signatures

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\b0d0ed338f6f4c0eccdb221c400198cea90ab061b209b497349bb22d06aae282.exe
    "C:\Users\Admin\AppData\Local\Temp\b0d0ed338f6f4c0eccdb221c400198cea90ab061b209b497349bb22d06aae282.exe"
    1⤵
    • Adds Run key to start application
    PID:1504

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1504-54-0x0000000075FB1000-0x0000000075FB3000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1504-55-0x0000000000400000-0x0000000000615000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1504-57-0x0000000000400000-0x0000000000615000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1504-58-0x0000000000400000-0x0000000000615000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1504-59-0x0000000000400000-0x0000000000615000-memory.dmp

          Filesize

          2.1MB

          Download