Overview

overview

7

Static

static

3

877_de.exe

windows10-2004-x64

7

Resubmissions

25/04/2023, 16:11

230425-tmxqwsdc6w 7

25/04/2023, 15:53

230425-tbzq4sbc64 7

25/04/2023, 14:27

230425-rsv35sag93 7

25/04/2023, 14:26

230425-rrwchsag87 7

Analysis

  • max time kernel
    297s
  • max time network
    295s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/04/2023, 15:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    877_de.exe

  • Size

    45KB

  • MD5

    6cda54d3bc470583ac95532119570ffe

  • SHA1

    37bb75119cf20d775265fc56dd9843e9a57fb205

  • SHA256

    923e95b7ca5559b47d2c12a4c75a540943266aa39cde60c3a629a95a6b85a0a3

  • SHA512

    65cc0e85931d237f92261be586a31e1e75963267ba6c518fbf55e6d5fa35c72f94fff5107e2d54c8d34dbf576a52861042e93601e1a136844ade5f98ad2089f2

  • SSDEEP

    768:3KHHfuj+ZHaIQB9uz7SXnJHw+NVTGzxpHWilnSFIy1DYVugsTTm8oZrzqJIEo1iN:aHK+ZHaTXNZOxpZTy1IsTTm84rzr1lNY

Score
7/10
persistenceupx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 3 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\877_de.exe
    "C:\Users\Admin\AppData\Local\Temp\877_de.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    PID:2672

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Common Files\microsoft shared\ink\bg-BG\kmqb.exe
    Filesize

    45KB

    MD5

    6cda54d3bc470583ac95532119570ffe

    SHA1

    37bb75119cf20d775265fc56dd9843e9a57fb205

    SHA256

    923e95b7ca5559b47d2c12a4c75a540943266aa39cde60c3a629a95a6b85a0a3

    SHA512

    65cc0e85931d237f92261be586a31e1e75963267ba6c518fbf55e6d5fa35c72f94fff5107e2d54c8d34dbf576a52861042e93601e1a136844ade5f98ad2089f2

    Download Submit

  • C:\Windows\SysWOW64\vjpc.dll
    Filesize

    9KB

    MD5

    9f69bf9c221dd2ad4dc39a519e2a051d

    SHA1

    82522a1f4f60dae639d6bca1446af70a469d3887

    SHA256

    29a0ecacce0bd9981fb289c130f1b0b816458f1a46fe7dc2db7b77317b8e97ab

    SHA512

    d6f556a13cf12d61776115e570d298bfef1030db39be96ed9d222ffdaa2441364e7c7a6e02d393fb55d8137db25e8b9eb41afc4b9a6349f93e4ec2059b84da7c

    Download Submit

  • memory/2672-139-0x0000000000500000-0x000000000050C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2672-140-0x0000000075000000-0x0000000075007000-memory.dmp

    Filesize

    28KB

    Download

  • memory/2672-225-0x0000000004370000-0x0000000004978000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/2672-291-0x0000000000500000-0x000000000050C000-memory.dmp

    Filesize

    48KB

    Download