Overview

overview

8

Static

static

8

b76a1a52ad...0b.exe

windows7-x64

8

b76a1a52ad...0b.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    152s
  • max time network
    109s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    03-12-2022 08:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b76a1a52ad1776b0e00fad2a61dd6c8c2218792e07e0af1b418eb3f73172ad0b.exe

  • Size

    147KB

  • MD5

    f12c53bb735ef8b6a89fd03bcf738a6b

  • SHA1

    90162122b5aff70843011dff91782b7a29f9b27e

  • SHA256

    b76a1a52ad1776b0e00fad2a61dd6c8c2218792e07e0af1b418eb3f73172ad0b

  • SHA512

    60e05a423735cc798327369dcc745eb9b0d7eb538c3c88cec141c35c05f9a9b6cade75292cc132e4ad13469d49ce9fc0933b5e47d75be1cde48471a1d23698eb

  • SSDEEP

    3072:a4f/MwMHjvsMbnrFnioT6eYu1CIFaB34ul+ezrddTSdFEJ3jWO8bCbOLHD7gbO6X:AZzWoT6RA41J7zrddtsbCbcHD7c1

Score
8/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b76a1a52ad1776b0e00fad2a61dd6c8c2218792e07e0af1b418eb3f73172ad0b.exe
    "C:\Users\Admin\AppData\Local\Temp\b76a1a52ad1776b0e00fad2a61dd6c8c2218792e07e0af1b418eb3f73172ad0b.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1268
    • C:\Windows\msa.exe
      C:\Windows\msa.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      PID:848

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    Filesize

    408B

    MD5

    5663450fcb955bb4df2dac2c5263c0bc

    SHA1

    ed818e73df4583f8c5028e6679dd6489478bd427

    SHA256

    4ef951572bed63fe5f135c6781ba8de03dc43b0f7b9690e6ad418f5cb139d61d

    SHA512

    6068de3e449485df484dc9a6784562721a99c3588b7913f1591cc0fc863797fde4ec876208b27720de3d6a1a725ee9f6b9129923b346ea36961f49c047ea77e1

    Download Submit

  • C:\Windows\msa.exe
    Filesize

    147KB

    MD5

    f12c53bb735ef8b6a89fd03bcf738a6b

    SHA1

    90162122b5aff70843011dff91782b7a29f9b27e

    SHA256

    b76a1a52ad1776b0e00fad2a61dd6c8c2218792e07e0af1b418eb3f73172ad0b

    SHA512

    60e05a423735cc798327369dcc745eb9b0d7eb538c3c88cec141c35c05f9a9b6cade75292cc132e4ad13469d49ce9fc0933b5e47d75be1cde48471a1d23698eb

    Download Submit

  • C:\Windows\msa.exe
    Filesize

    147KB

    MD5

    f12c53bb735ef8b6a89fd03bcf738a6b

    SHA1

    90162122b5aff70843011dff91782b7a29f9b27e

    SHA256

    b76a1a52ad1776b0e00fad2a61dd6c8c2218792e07e0af1b418eb3f73172ad0b

    SHA512

    60e05a423735cc798327369dcc745eb9b0d7eb538c3c88cec141c35c05f9a9b6cade75292cc132e4ad13469d49ce9fc0933b5e47d75be1cde48471a1d23698eb

    Download Submit

  • memory/848-63-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/848-65-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/1268-54-0x0000000076531000-0x0000000076533000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1268-55-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/1268-56-0x00000000001B0000-0x00000000001B3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1268-57-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/1268-58-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/1268-64-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download