Overview

overview

8

Static

static

8

8f95f1e17a...22.exe

windows7-x64

8

8f95f1e17a...22.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    256s
  • max time network
    336s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    05/12/2022, 19:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    8f95f1e17a9b34993dfbdf3e51c983a5d49e7b74deaec82bd08910063cbde222.exe

  • Size

    128KB

  • MD5

    8e3f985fde98705c7fde09193b305f7a

  • SHA1

    727b21be0878ead527cd8b651b2417a2f5558f92

  • SHA256

    8f95f1e17a9b34993dfbdf3e51c983a5d49e7b74deaec82bd08910063cbde222

  • SHA512

    55039c6b03041fcf0e921aca77c67c0c1b3c510a503519b9bc0d5f25cedc6472a12abfe2e0183640409849778a9a51e36cdf619f15c803a706143aaec6e349db

  • SSDEEP

    1536:aZM5GODrwEpkYdZFoVP5mv+dHt8m8c0w2Aeq1KJUYvyxd8ngyKggbcWKIU:aG5GOfwExCk+dN85vdYyK/bW

Score
8/10
persistenceupx

Malware Config

Signatures

  • Sets DLL path for service in the registry 2 TTPs 3 IoCs
    persistence
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f95f1e17a9b34993dfbdf3e51c983a5d49e7b74deaec82bd08910063cbde222.exe
    "C:\Users\Admin\AppData\Local\Temp\8f95f1e17a9b34993dfbdf3e51c983a5d49e7b74deaec82bd08910063cbde222.exe"
    1⤵
    • Sets DLL path for service in the registry
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    PID:556

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Windows\SysWOW64\7BCD04FC.tmp
          Filesize

          128KB

          MD5

          d169c0426e62ebb091045e28faa0622b

          SHA1

          fa99c4ddbced44e7e5d029eba2e010dae61f46c2

          SHA256

          ce565b49bc5a5b19d488855462b64a57ca8ae8645695f47bb6abf94d1f725b0d

          SHA512

          118264fd2451dde7614cea4bc13bf559c842d18e7e9df487e45f83e49a8c1cad8b76da2ba05ca90743b033f2db3f99b5742727bcda31a226b7caabe3bbd0f89d

          Download Submit

        • memory/556-54-0x0000000074E61000-0x0000000074E63000-memory.dmp

          Filesize

          8KB

          Download

        • memory/556-56-0x0000000000EB0000-0x0000000000ED4000-memory.dmp

          Filesize

          144KB

          Download

        • memory/556-57-0x00000000022E0000-0x00000000062E0000-memory.dmp

          Filesize

          64.0MB

          Download

        • memory/556-58-0x0000000076180000-0x00000000761E0000-memory.dmp

          Filesize

          384KB

          Download

        • memory/556-59-0x00000000747B0000-0x00000000747D4000-memory.dmp

          Filesize

          144KB

          Download

        • memory/556-60-0x00000000022E0000-0x00000000062E0000-memory.dmp

          Filesize

          64.0MB

          Download

        • memory/556-61-0x0000000076180000-0x00000000761E0000-memory.dmp

          Filesize

          384KB

          Download

        • memory/556-62-0x00000000747B0000-0x00000000747D4000-memory.dmp

          Filesize

          144KB

          Download