Overview

overview

8

Static

static

7

b66f351c35...56.exe

windows7-x64

7

b66f351c35...56.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    02-08-2023 11:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b66f351c35212c7a265272d27aa09656.exe

  • Size

    4.4MB

  • MD5

    b66f351c35212c7a265272d27aa09656

  • SHA1

    c2994b2969f315b189a151d545b35a2c8ed6a2f9

  • SHA256

    ba4c8e065f601de46ae7844e81921c68726d09345f3db13fb6e3f5ea2d413dde

  • SHA512

    82ac249a9024085be3bd071682d15054696b0cd61a8b8a85d77c7ff4cd7703124ab07a3446b1b7b69015b5a30643f88030bef908644c88256d1784f992207fcb

  • SSDEEP

    98304:sParA5bJxdz0l3YIMFQxMKsVCyGPPUpGieNjBVTRB7OQ8TZMQ7caYS3u:6a6rwlLSQxMKeiVRpSnYvIu

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 32 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b66f351c35212c7a265272d27aa09656.exe
    "C:\Users\Admin\AppData\Local\Temp\b66f351c35212c7a265272d27aa09656.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2068
    • C:\Windows\system32\cmd.exe
      cmd /C nPandaVPN.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1644
      • C:\Users\Admin\AppData\Local\Temp\nPandaVPN.exe
        nPandaVPN.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: CmdExeWriteProcessMemorySpam
        PID:2780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\CabDA0C.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarDBC4.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nPandaVPN.exe
    Filesize

    2.1MB

    MD5

    c83323d126469b0eaab04876edd391a3

    SHA1

    dc9b1aeb0535cc30eff5f298e81de1476ec8e02a

    SHA256

    318f8b901a0c9226f41409e97c4167cdf1836508f969ab13b8e004b4f6c9caac

    SHA512

    edde3c33d83b5ba1d527073afbf99568737a82d1142003b7163d5c037e536761a7472b0245a85e0dcab9c89790a82a7470a57b2f1829e75875a92b8495825487

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nPandaVPN.exe
    Filesize

    2.1MB

    MD5

    c83323d126469b0eaab04876edd391a3

    SHA1

    dc9b1aeb0535cc30eff5f298e81de1476ec8e02a

    SHA256

    318f8b901a0c9226f41409e97c4167cdf1836508f969ab13b8e004b4f6c9caac

    SHA512

    edde3c33d83b5ba1d527073afbf99568737a82d1142003b7163d5c037e536761a7472b0245a85e0dcab9c89790a82a7470a57b2f1829e75875a92b8495825487

    Download Submit

  • memory/2068-54-0x000000013FCE0000-0x00000001408F1000-memory.dmp

    Filesize

    12.1MB

    Download

  • memory/2068-114-0x000000013FCE0000-0x00000001408F1000-memory.dmp

    Filesize

    12.1MB

    Download

  • memory/2780-76-0x0000000074AF0000-0x00000000751DE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2780-104-0x0000000000AA0000-0x0000000000CB4000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2780-115-0x0000000004D20000-0x0000000004D60000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2780-116-0x0000000004B90000-0x0000000004C9A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2780-117-0x0000000074AF0000-0x00000000751DE000-memory.dmp

    Filesize

    6.9MB

    Download