Overview

overview

9

Static

static

8

b095b6ac84...c0.exe

windows7-x64

9

b095b6ac84...c0.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    92s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/12/2022, 22:05

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b095b6ac84c23f724d54a87a2fe93b047c568f68ed2a77a7daba9a422fb6eac0.exe

  • Size

    528KB

  • MD5

    da5cb70ca520bbbbee81f6a84f8e98e4

  • SHA1

    43663e04a91a1fefc6acb576d4aeeff00af18464

  • SHA256

    b095b6ac84c23f724d54a87a2fe93b047c568f68ed2a77a7daba9a422fb6eac0

  • SHA512

    08feb2cbaa1286bedfe98fd7e6728eae85211eb12959af6489187c1e49e1397357ec38681be0e6eb62b4123a38c87d742aa0e1f0da694f1f0aa66014e8c06e92

  • SSDEEP

    12288:hQpikUg8RfE2P2hekUFOtWRJlgOkno3KPfU:22P206kTlgZouc

Score
9/10
evasionupx

Malware Config

Signatures

  • Checks for common network interception software 1 TTPs

    Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    evasion
  • Enumerates VirtualBox registry keys 2 TTPs 1 IoCs
    evasion
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b095b6ac84c23f724d54a87a2fe93b047c568f68ed2a77a7daba9a422fb6eac0.exe
    "C:\Users\Admin\AppData\Local\Temp\b095b6ac84c23f724d54a87a2fe93b047c568f68ed2a77a7daba9a422fb6eac0.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4452
    • C:\Users\Admin\AppData\Local\Temp\b095b6ac84c23f724d54a87a2fe93b047c568f68ed2a77a7daba9a422fb6eac0.exe
      C:\Users\Admin\AppData\Local\Temp\b095b6ac84c23f724d54a87a2fe93b047c568f68ed2a77a7daba9a422fb6eac0.exe
      2⤵
      • Enumerates VirtualBox registry keys
      • Suspicious behavior: EnumeratesProcesses
      PID:4960
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 552
        3⤵
        • Program crash
        PID:1052
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4960 -ip 4960
    1⤵
      PID:4936

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/4452-132-0x0000000000400000-0x00000000004CB000-memory.dmp

            Filesize

            812KB

            Download

          • memory/4452-146-0x0000000000400000-0x00000000004CB000-memory.dmp

            Filesize

            812KB

            Download

          • memory/4960-138-0x0000000000400000-0x0000000000488000-memory.dmp

            Filesize

            544KB

            Download

          • memory/4960-135-0x0000000000400000-0x0000000000488000-memory.dmp

            Filesize

            544KB

            Download

          • memory/4960-136-0x0000000000400000-0x0000000000488000-memory.dmp

            Filesize

            544KB

            Download

          • memory/4960-137-0x0000000000400000-0x0000000000488000-memory.dmp

            Filesize

            544KB

            Download

          • memory/4960-134-0x0000000000400000-0x0000000000488000-memory.dmp

            Filesize

            544KB

            Download

          • memory/4960-141-0x0000000000400000-0x0000000000488000-memory.dmp

            Filesize

            544KB

            Download

          • memory/4960-140-0x0000000000400000-0x0000000000488000-memory.dmp

            Filesize

            544KB

            Download

          • memory/4960-142-0x0000000000400000-0x0000000000488000-memory.dmp

            Filesize

            544KB

            Download

          • memory/4960-139-0x0000000000400000-0x0000000000488000-memory.dmp

            Filesize

            544KB

            Download

          • memory/4960-143-0x0000000000400000-0x0000000000488000-memory.dmp

            Filesize

            544KB

            Download

          • memory/4960-144-0x0000000000400000-0x0000000000488000-memory.dmp

            Filesize

            544KB

            Download

          • memory/4960-147-0x0000000000400000-0x0000000000488000-memory.dmp

            Filesize

            544KB

            Download