Analysis

  • max time kernel
    157s
  • max time network
    207s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    03/12/2022, 03:29

General

  • Target

    e42273096fdf9a2fe3f19911ad246c726b238f89b3f7a11ba87586a12440910b.exe

  • Size

    749KB

  • MD5

    199d3d3d28764450aa003d962ea103c3

  • SHA1

    84d8313d7d2420055123521e2c8d026e65654c38

  • SHA256

    e42273096fdf9a2fe3f19911ad246c726b238f89b3f7a11ba87586a12440910b

  • SHA512

    91754cfa85d9807d7a2a51782dadeed8709e40f8be5bda521d50222c4c7053a9b4159c0fc03d9fb17af12440583e8e82a9252164d6be5a0d262c772699d5b7f4

  • SSDEEP

    12288:ZRYB8nRXxsZNmPKvRobx6njqmhbIPvYGiLGvNQSGdk1jTj862edcwmNJXLH2ik7d:ZRYBGimiHemlCYGiLsQSGdk5TH2edc9m

Malware Config

Signatures

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

Processes

  • C:\Users\Admin\AppData\Local\Temp\e42273096fdf9a2fe3f19911ad246c726b238f89b3f7a11ba87586a12440910b.exe
    "C:\Users\Admin\AppData\Local\Temp\e42273096fdf9a2fe3f19911ad246c726b238f89b3f7a11ba87586a12440910b.exe"
    1⤵
    • Adds Run key to start application
    PID:1648

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1648-54-0x0000000075BE1000-0x0000000075BE3000-memory.dmp

    Filesize

    8KB

  • memory/1648-55-0x0000000000400000-0x0000000000618000-memory.dmp

    Filesize

    2.1MB

  • memory/1648-57-0x0000000000400000-0x0000000000618000-memory.dmp

    Filesize

    2.1MB

  • memory/1648-58-0x0000000000400000-0x0000000000618000-memory.dmp

    Filesize

    2.1MB

  • memory/1648-59-0x0000000000400000-0x0000000000618000-memory.dmp

    Filesize

    2.1MB