Overview

overview

8

Static

static

f7c96192bd...78.exe

windows7-x64

8

f7c96192bd...78.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    144s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    03-12-2022 02:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f7c96192bdf6b51bb46588a6601196253a5abce083eb8afff793f523dca8f578.exe

  • Size

    1.1MB

  • MD5

    065ab35507815599b533bc5fb5c8843d

  • SHA1

    5ea0410472228936a8574cb900d2ec9b9417e13d

  • SHA256

    f7c96192bdf6b51bb46588a6601196253a5abce083eb8afff793f523dca8f578

  • SHA512

    4866063ea24915de842d844b8b0c802bdb875d6f4d271deb155be074ed8179c676d3063f05f6152a47a19b026cdd8ad9847f3f64ee47946c13b1af5deeebda6f

  • SSDEEP

    24576:YSrIg9yu8nidH4wz4ToE1w9Hq8p8yyX/40QfAjGBd:Nr1enw4m4z1/8p8y+/408Bd

Score
8/10
discoverypersistencespywarestealerupx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\f7c96192bdf6b51bb46588a6601196253a5abce083eb8afff793f523dca8f578.exe
    "C:\Users\Admin\AppData\Local\Temp\f7c96192bdf6b51bb46588a6601196253a5abce083eb8afff793f523dca8f578.exe"
    1⤵
    • Adds Run key to start application
    PID:1456

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1456-54-0x0000000075B51000-0x0000000075B53000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1456-55-0x0000000000400000-0x0000000000671000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/1456-57-0x0000000000400000-0x0000000000671000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/1456-58-0x0000000000400000-0x0000000000671000-memory.dmp

    Filesize

    2.4MB

    Download