Overview

overview

8

Static

static

ba075d04de...34.exe

windows7-x64

8

ba075d04de...34.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    155s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/12/2022, 15:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ba075d04de90538fe7c19581beb929886812fbc13cc04cee6d5e138037032934.exe

  • Size

    519KB

  • MD5

    12f53a7a10c4d8d3efdb53f94fc33f7e

  • SHA1

    8ae14b74c1b2222b916de51b56236f0be09c1fcc

  • SHA256

    ba075d04de90538fe7c19581beb929886812fbc13cc04cee6d5e138037032934

  • SHA512

    6e282a412c9ee0bb8b6d10e153c66df2d1ab5f01e0d71a32739ff58e4c00b4fd5333810e853099b2a23ef7d17ea06d90288f129d4f388ec52a7b2cb71bdd95ee

  • SSDEEP

    12288:1oLYDoBKTgiZLc1tUisq18M4Gh2/0H+7iI+IazCaNwJ/v0:ts0giT7qKhGhpnI1naCv

Score
8/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ba075d04de90538fe7c19581beb929886812fbc13cc04cee6d5e138037032934.exe
    "C:\Users\Admin\AppData\Local\Temp\ba075d04de90538fe7c19581beb929886812fbc13cc04cee6d5e138037032934.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1080
    • C:\ProgramData\cN06511FaDeK06511\cN06511FaDeK06511.exe
      "C:\ProgramData\cN06511FaDeK06511\cN06511FaDeK06511.exe" "C:\Users\Admin\AppData\Local\Temp\ba075d04de90538fe7c19581beb929886812fbc13cc04cee6d5e138037032934.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:4968

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\cN06511FaDeK06511\cN06511FaDeK06511.exe
          Filesize

          519KB

          MD5

          ba3aa190a73de876ab2700355b1a24e4

          SHA1

          437cbb234fcc9e206911857c278acff49902f074

          SHA256

          582e431da48485e13fa26d9b4415a84cf7aa2536ebe13711dc213f883ed6f8cd

          SHA512

          e4d90d0facc4b719418cdb3f0302d9f9cad44aa47dbfb8fc0a08821a60af9ffaba09ca3e86b4f980a2d1ae8a01f181c55b5c812718e75f9e512cc62471dc84ec

          Download Submit

        • C:\ProgramData\cN06511FaDeK06511\cN06511FaDeK06511.exe
          Filesize

          519KB

          MD5

          ba3aa190a73de876ab2700355b1a24e4

          SHA1

          437cbb234fcc9e206911857c278acff49902f074

          SHA256

          582e431da48485e13fa26d9b4415a84cf7aa2536ebe13711dc213f883ed6f8cd

          SHA512

          e4d90d0facc4b719418cdb3f0302d9f9cad44aa47dbfb8fc0a08821a60af9ffaba09ca3e86b4f980a2d1ae8a01f181c55b5c812718e75f9e512cc62471dc84ec

          Download Submit

        • memory/1080-132-0x0000000000400000-0x00000000004D9000-memory.dmp

          Filesize

          868KB

          Download

        • memory/1080-133-0x0000000000564000-0x00000000005AE000-memory.dmp

          Filesize

          296KB

          Download

        • memory/1080-137-0x0000000000400000-0x00000000004D9000-memory.dmp

          Filesize

          868KB

          Download

        • memory/4968-138-0x0000000000400000-0x00000000004D9000-memory.dmp

          Filesize

          868KB

          Download

        • memory/4968-139-0x0000000000584000-0x00000000005CE000-memory.dmp

          Filesize

          296KB

          Download

        • memory/4968-140-0x0000000000584000-0x00000000005CE000-memory.dmp

          Filesize

          296KB

          Download