Overview

overview

8

Static

static

8

bc0a80918b...35.exe

windows7-x64

8

bc0a80918b...35.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    43s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    05/12/2022, 07:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bc0a80918b14d38f66456bdb182c7aa5fc1b3b2ad5c03915e3a6e54712d83d35.exe

  • Size

    403KB

  • MD5

    b6edc08bc712194d7853490cf0fc639c

  • SHA1

    dd201207c8d186effe6fe56fd875ff592ef88178

  • SHA256

    bc0a80918b14d38f66456bdb182c7aa5fc1b3b2ad5c03915e3a6e54712d83d35

  • SHA512

    8b18a4bed531bccdb2a8606c9f5bfdb132eab32a7efeadb5d6c422fe5a48821b31d7579411571021aa9169543d29410c50d8e5bb46dd04fc5113501ba163c4ae

  • SSDEEP

    12288:ZSeomE7ZkRjiF9wwWbXuMAhpBCjdYHqrnGQiRhJJ:weNE7igleYDBGYKDGphJ

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc0a80918b14d38f66456bdb182c7aa5fc1b3b2ad5c03915e3a6e54712d83d35.exe
    "C:\Users\Admin\AppData\Local\Temp\bc0a80918b14d38f66456bdb182c7aa5fc1b3b2ad5c03915e3a6e54712d83d35.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1356
    • C:\Users\Admin\AppData\Local\Temp\bc0a80918b14d38f66456bdb182c7aa5fc1b3b2ad5c03915e3a6e54712d83d35.exe
      C:\Users\Admin\AppData\Local\Temp\bc0a80918b14d38f66456bdb182c7aa5fc1b3b2ad5c03915e3a6e54712d83d35.exe
      2⤵
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:2016
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x468
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\bm422F.tmp
    Filesize

    33KB

    MD5

    e4ec57e8508c5c4040383ebe6d367928

    SHA1

    b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

    SHA256

    8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

    SHA512

    77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

    Download Submit

  • memory/1356-69-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/1356-72-0x00000000003D0000-0x00000000003D5000-memory.dmp

    Filesize

    20KB

    Download

  • memory/1356-71-0x0000000000670000-0x00000000006B4000-memory.dmp

    Filesize

    272KB

    Download

  • memory/2016-60-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

    Download

  • memory/2016-63-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

    Download

  • memory/2016-70-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

    Download

  • memory/2016-66-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

    Download

  • memory/2016-54-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

    Download

  • memory/2016-57-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

    Download

  • memory/2016-55-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

    Download

  • memory/2016-74-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2016-75-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download