Overview

overview

8

Static

static

8

dbe85bc7ec...ae.exe

windows7-x64

8

dbe85bc7ec...ae.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    170s
  • max time network
    175s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/12/2022, 01:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dbe85bc7eca62f53d553b6b5ae6a0387dbae71f02d1caf014a78f8b2580723ae.exe

  • Size

    212KB

  • MD5

    dde62651d20d9b8b386b69c9bbb6b1c1

  • SHA1

    6a70a8ff79f53da5954eb6f6fd0f9823710e515b

  • SHA256

    dbe85bc7eca62f53d553b6b5ae6a0387dbae71f02d1caf014a78f8b2580723ae

  • SHA512

    c4bf277723690faf81d6e6cfecccafc62790e24f371a76f18bc14b6749814c3e488d314f005fc3b88b7e4870fe348f89b134887426956d242de00b1ff101ad58

  • SSDEEP

    6144:4ICuxZG0zmll5inya4jE8lPP+YWNwjQ7M:XnG0zgl4nyailHrWN1

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 6 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dbe85bc7eca62f53d553b6b5ae6a0387dbae71f02d1caf014a78f8b2580723ae.exe
    "C:\Users\Admin\AppData\Local\Temp\dbe85bc7eca62f53d553b6b5ae6a0387dbae71f02d1caf014a78f8b2580723ae.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4556
    • C:\Windows\Ijapia.exe
      C:\Windows\Ijapia.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      PID:4728
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 692
        3⤵
        • Program crash
        PID:2124
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4728 -ip 4728
    1⤵
      PID:2260

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\Ijapia.exe
      Filesize

      212KB

      MD5

      dde62651d20d9b8b386b69c9bbb6b1c1

      SHA1

      6a70a8ff79f53da5954eb6f6fd0f9823710e515b

      SHA256

      dbe85bc7eca62f53d553b6b5ae6a0387dbae71f02d1caf014a78f8b2580723ae

      SHA512

      c4bf277723690faf81d6e6cfecccafc62790e24f371a76f18bc14b6749814c3e488d314f005fc3b88b7e4870fe348f89b134887426956d242de00b1ff101ad58

      Download Submit

    • C:\Windows\Ijapia.exe
      Filesize

      212KB

      MD5

      dde62651d20d9b8b386b69c9bbb6b1c1

      SHA1

      6a70a8ff79f53da5954eb6f6fd0f9823710e515b

      SHA256

      dbe85bc7eca62f53d553b6b5ae6a0387dbae71f02d1caf014a78f8b2580723ae

      SHA512

      c4bf277723690faf81d6e6cfecccafc62790e24f371a76f18bc14b6749814c3e488d314f005fc3b88b7e4870fe348f89b134887426956d242de00b1ff101ad58

      Download Submit

    • C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
      Filesize

      426B

      MD5

      03ca7be5b408b69732c024d2494a8a34

      SHA1

      2696c3a61e687da51f0bf4ec2039b0c026ff5e59

      SHA256

      ca7fa0bb86932af6ea47cee3683e4a1db7b516a6a748cf97d3726d8eee4a3e58

      SHA512

      9b9249e1e5e3b24a5af1a659977176ca3bffcba33c130f39959a9c2b0e348a51e882128e7f389bf191175c467c5d95410c5b7e9c7320f3418c35976f9025dc13

      Download Submit

    • memory/4556-132-0x0000000000400000-0x0000000000471000-memory.dmp

      Filesize

      452KB

      Download

    • memory/4556-135-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4556-136-0x0000000000400000-0x0000000000471000-memory.dmp

      Filesize

      452KB

      Download

    • memory/4556-146-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4728-140-0x0000000000400000-0x0000000000471000-memory.dmp

      Filesize

      452KB

      Download

    • memory/4728-145-0x0000000000400000-0x0000000000471000-memory.dmp

      Filesize

      452KB

      Download

    • memory/4728-147-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download