Overview

overview

10

Static

static

10

CLOSING UP.zip

windows7-x64

1

CLOSING UP.zip

windows10-2004-x64

1

CLOSING UP.zip

windows7-x64

1

CLOSING UP.zip

windows10-2004-x64

1

CLOSING UP.exe

windows7-x64

3

CLOSING UP.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    388s
  • max time network
    393s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    10-07-2023 00:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CLOSING UP.exe

  • Size

    2.3MB

  • MD5

    b0fde4f856305f4f38d1accca45f7e7f

  • SHA1

    45c239a1f20675204988c47e5ab7f3347bd96370

  • SHA256

    fd5b77188dba2d589addf9bd1931c71b2ff80632bc620f8d472d76827b56dc41

  • SHA512

    b0b3715847f6dd52a54ffbe55891ea3362a252ff2db138171adf6fd69aee69227408b4b2b93ed89438df7c5844c933ea2d44122d656156c566890d821b4bab52

  • SSDEEP

    49152:1kWk5cS7a+9XYaQaZehc4mTYJ78V9gyBn4cdfmP/SA8N:BajJRZ942KQV9hp4ifmP/SA8

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CLOSING UP.exe
    "C:\Users\Admin\AppData\Local\Temp\CLOSING UP.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
      2⤵
        PID:2192

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads