Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-08-2023 19:46

General

  • Target

    a2bf4779985b45fa712741c2e11633bb889b74a229731f73fd373bb507bd9aaa.exe

  • Size

    4.3MB

  • MD5

    6b1b32bf21fa1e9b0a15fef7ad859077

  • SHA1

    6052a49a4e30aa9c1fd771692d22e010c751caa7

  • SHA256

    a2bf4779985b45fa712741c2e11633bb889b74a229731f73fd373bb507bd9aaa

  • SHA512

    25e59b1f3d8a99631798af600c8c738dfe4900e72b28e80f7407cf511214f9fa3e7bcfc07e8c7753973bf5486cd1f0afb2d86c21da153c7fa5c4d14c5c528ac3

  • SSDEEP

    98304:Y7Qfh+m6IhvfUk+S1Y4mx/VZSaFYjpofE6g:Y7Qfh+m66fUk+S1Y3Epos6g
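
The four digests above identify the submitted sample; the copy listed under Downloads below carries the same path but a different MD5/SHA1/SHA256/SHA512, so anyone re-analysing this sample should pin down which of the two files they actually hold. The following script is an added example, not part of the sandbox report: it parses the "General" block in the exact layout shown above (a "• FIELD" bullet, a blank line, the value), recomputes the digests over the bytes in hand with the standard library, and reports which algorithms disagree. The REPORT_GENERAL text is copied from this page; DROPPED_MD5 is the value from the Downloads entry; hash_file and the chunk size are this example's own choices.

```python
import hashlib
import re

# Copied from the page's "General" block so the parser can be exercised offline.
REPORT_GENERAL = """
  • Size

    4.3MB

  • MD5

    6b1b32bf21fa1e9b0a15fef7ad859077

  • SHA1

    6052a49a4e30aa9c1fd771692d22e010c751caa7

  • SHA256

    a2bf4779985b45fa712741c2e11633bb889b74a229731f73fd373bb507bd9aaa

  • SHA512

    25e59b1f3d8a99631798af600c8c738dfe4900e72b28e80f7407cf511214f9fa3e7bcfc07e8c7753973bf5486cd1f0afb2d86c21da153c7fa5c4d14c5c528ac3
"""

# MD5 of the file the sandbox lists under Downloads (same path, different content).
DROPPED_MD5 = "79f2d0a40916811e28d411d16e5232f2"

HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")

# A hash field is a "• NAME" bullet, a blank line, then the hex digest on its own line.
FIELD_RE = re.compile(r"•\s*(MD5|SHA1|SHA256|SHA512)\s*\n\s*\n\s*([0-9a-fA-F]+)")


def parse_report_hashes(text: str) -> dict:
    """Return {algorithm: hex digest} for every hash field found in a 'General' block.

    Non-hash fields (Target, Size, SSDEEP) are ignored; SSDEEP is a fuzzy hash and
    needs a separate library, so it is not verified here."""
    return {m.group(1).lower(): m.group(2).lower() for m in FIELD_RE.finditer(text)}


def compute_hashes(data: bytes) -> dict:
    """Digest an in-memory buffer with every algorithm the report lists."""
    # usedforsecurity=False keeps MD5/SHA1 usable on FIPS-restricted interpreters;
    # here they are identifiers, not integrity guarantees.
    return {algo: hashlib.new(algo, data, usedforsecurity=False).hexdigest()
            for algo in HASH_ALGOS}


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Same as compute_hashes, but streamed so a multi-megabyte sample is not loaded whole."""
    hashers = {algo: hashlib.new(algo, usedforsecurity=False) for algo in HASH_ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def verify_sample(data: bytes, reported: dict) -> list:
    """Names of the algorithms whose digest disagrees with the report, in report order.

    Empty list: the bytes match the report. One algorithm off: almost certainly a
    transcription error in the report. All of them off: a different file, e.g. the
    dropped copy rather than the submitted target."""
    actual = compute_hashes(data)
    return [algo for algo, digest in reported.items()
            if algo in actual and actual[algo] != digest]


if __name__ == "__main__":
    reported = parse_report_hashes(REPORT_GENERAL)
    print("target MD5 from report :", reported["md5"])
    print("dropped-copy MD5       :", DROPPED_MD5)
    print("same file?             :", reported["md5"] == DROPPED_MD5)
    # Replace the constructed buffer with hash_file("<sample>.exe") for a real sample.
    print("mismatching algorithms :", verify_sample(b"constructed placeholder", reported))
```

Run it against the real sample with `verify_sample` replaced by a comparison of `hash_file(path)` to `parse_report_hashes(...)`; an all-four mismatch against the General block but a match against the Downloads digests tells you that what you hold is the rewritten copy, not the original submission.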

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • UPX packed file 24 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 50 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
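
The "UPX packed file" signature is a static heuristic: stock UPX names its sections UPX0/UPX1 (plus .rsrc or UPX2) and writes a "UPX!" magic into its own header stub. The script below is an added example, not the sandbox's own detector, showing how such a check is done by walking the PE headers by hand rather than trusting a string match. The WerFault.exe spawned from SysWOW64 and the arch:x86 tag indicate a 32-bit image, so the PE32 optional-header size is used in the constructed fixture; build_minimal_pe is a test helper that emits only the headers the parser needs and is not a valid executable.

```python
import struct

SECTION_HEADER_LEN = 40      # sizeof(IMAGE_SECTION_HEADER)
COFF_HEADER_LEN = 20         # sizeof(IMAGE_FILE_HEADER)


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table and return names."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)    # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)       # SizeOfOptionalHeader
    table = coff + COFF_HEADER_LEN + opt_size                     # section table start
    names = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_LEN
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Two independent tells: UPX-named sections, and the 'UPX!' magic of the packer header."""
    names = pe_section_names(data)
    return {
        "sections": names,
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        "upx_magic": b"UPX!" in data,
    }


def looks_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_magic"]


def build_minimal_pe(section_names, trailer: bytes = b"") -> bytes:
    """Constructed fixture: DOS stub, PE signature, COFF header, blank PE32 optional
    header and a section table with the given names. Headers only, not runnable."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew: PE header right after DOS header
    opt_size = 224                                   # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + bytes(opt_size - 2)   # Magic = PE32, rest zeroed
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode("ascii"), 0, 0, 0, 0, 0, 0, 0, 0, 0)
        for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + opt + sections + trailer


if __name__ == "__main__":
    for label, blob in (("stock UPX layout", build_minimal_pe(["UPX0", "UPX1", ".rsrc"])),
                        ("renamed sections, magic left", build_minimal_pe([".text", ".data"], b"UPX!")),
                        ("plain MSVC layout", build_minimal_pe([".text", ".rdata", ".data"]))):
        print(f"{label:32} -> {upx_indicators(blob)}")
```

Both tells are trivially defeated by a modified UPX build that renames sections and patches the magic, which is why the sandbox qualifies its signature with "modified UPX" and why a negative result from this check is not evidence of an unpacked binary; a suspiciously small import table or a single large writable-executable section is the next thing to look at.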

Processes

  • C:\Users\Admin\AppData\Local\Temp\a2bf4779985b45fa712741c2e11633bb889b74a229731f73fd373bb507bd9aaa.exe
    "C:\Users\Admin\AppData\Local\Temp\a2bf4779985b45fa712741c2e11633bb889b74a229731f73fd373bb507bd9aaa.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 452
      2⤵
      • Loads dropped DLL
      • Program crash
      PID:2876

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\a2bf4779985b45fa712741c2e11633bb889b74a229731f73fd373bb507bd9aaa.exe

    Filesize

    4.3MB

    MD5

    79f2d0a40916811e28d411d16e5232f2

    SHA1

    a914f64e40fac0a17e2b39551523931f084ef8fc

    SHA256

    f554697cc4d511297ccebb0e1da5745a5d80ede11bb71f27e5a160023545d7cb

    SHA512

    ad5c2d8a20f20ec1079dc56681d22549c2c807066b67bd65d15c332a7f1509edbe8be0eedf41585a0deaa51fe1cba9d7c7428f091cc4dcffba66991e7057e8e5

  • memory/1712-98-0x0000000002E40000-0x0000000002E7E000-memory.dmp

    Filesize

    248KB

  • memory/1712-69-0x0000000002E40000-0x0000000002E7E000-memory.dmp

    Filesize

    248KB

  • memory/1712-84-0x0000000002E40000-0x0000000002E7E000-memory.dmp

    Filesize

    248KB

  • memory/1712-83-0x0000000010000000-0x000000001003C000-memory.dmp

    Filesize

    240KB

  • memory/1712-87-0x0000000002E40000-0x0000000002E7E000-memory.dmp

    Filesize

    248KB

  • memory/1712-89-0x0000000002E40000-0x0000000002E7E000-memory.dmp

    Filesize

    248KB

  • memory/1712-91-0x0000000002E40000-0x0000000002E7E000-memory.dmp

    Filesize

    248KB

  • memory/1712-79-0x0000000002E40000-0x0000000002E7E000-memory.dmp

    Filesize

    248KB

  • memory/1712-96-0x0000000002E40000-0x0000000002E7E000-memory.dmp

    Filesize

    248KB

  • memory/1712-54-0x0000000010000000-0x000000001003C000-memory.dmp

    Filesize

    240KB

  • memory/1712-94-0x0000000002E40000-0x0000000002E7E000-memory.dmp

    Filesize

    248KB

  • memory/1712-73-0x0000000002E40000-0x0000000002E7E000-memory.dmp

    Filesize

    248KB

  • memory/1712-101-0x0000000002E40000-0x0000000002E7E000-memory.dmp

    Filesize

    248KB

  • memory/1712-81-0x0000000002E40000-0x0000000002E7E000-memory.dmp

    Filesize

    248KB

  • memory/1712-64-0x0000000002E40000-0x0000000002E7E000-memory.dmp

    Filesize

    248KB

  • memory/1712-103-0x0000000002E40000-0x0000000002E7E000-memory.dmp

    Filesize

    248KB

  • memory/1712-105-0x0000000002E40000-0x0000000002E7E000-memory.dmp

    Filesize

    248KB

  • memory/1712-107-0x0000000002E40000-0x0000000002E7E000-memory.dmp

    Filesize

    248KB

  • memory/1712-109-0x0000000002E40000-0x0000000002E7E000-memory.dmp

    Filesize

    248KB

  • memory/1712-111-0x0000000002F70000-0x0000000002F7C000-memory.dmp

    Filesize

    48KB

  • memory/1712-115-0x0000000002E40000-0x0000000002E7E000-memory.dmp

    Filesize

    248KB

  • memory/1712-77-0x0000000002E40000-0x0000000002E7E000-memory.dmp

    Filesize

    248KB

  • memory/1712-75-0x0000000002E40000-0x0000000002E7E000-memory.dmp

    Filesize

    248KB

  • memory/1712-71-0x0000000002E40000-0x0000000002E7E000-memory.dmp

    Filesize

    248KB

  • memory/1712-67-0x0000000002E40000-0x0000000002E7E000-memory.dmp

    Filesize

    248KB

  • memory/1712-65-0x0000000002E40000-0x0000000002E7E000-memory.dmp

    Filesize

    248KB

  • memory/1712-63-0x0000000002E40000-0x0000000002E7E000-memory.dmp

    Filesize

    248KB

  • memory/1712-61-0x0000000003110000-0x0000000003211000-memory.dmp

    Filesize

    1.0MB
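
The memory entries above are 27 dumps of only four distinct ranges in PID 1712, taken repeatedly as the run progressed. The script below is an added example, not tooling from the sandbox: it parses the dump names (pid, a per-dump sequence number, start and end address, all assumed from the visible naming pattern), collapses repeats into one record per range, and checks that each reported Filesize matches the address span, using the same 1024-based KB/MB rounding the page shows. MEMORY_ENTRIES is a constructed subset of the list above. The range at 0x10000000 is the default preferred image base the Microsoft linker assigns to DLLs, which is worth cross-checking against the "Loads dropped DLL" events before treating it as injected code.

```python
import re

# Constructed subset of the page's memory entries: (dump name, reported Filesize).
MEMORY_ENTRIES = [
    ("memory/1712-98-0x0000000002E40000-0x0000000002E7E000-memory.dmp", "248KB"),
    ("memory/1712-69-0x0000000002E40000-0x0000000002E7E000-memory.dmp", "248KB"),
    ("memory/1712-83-0x0000000010000000-0x000000001003C000-memory.dmp", "240KB"),
    ("memory/1712-54-0x0000000010000000-0x000000001003C000-memory.dmp", "240KB"),
    ("memory/1712-111-0x0000000002F70000-0x0000000002F7C000-memory.dmp", "48KB"),
    ("memory/1712-61-0x0000000003110000-0x0000000003211000-memory.dmp", "1.0MB"),
]

# memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp  (field meaning assumed from the pattern)
NAME_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


def parse_dump_name(name: str) -> dict:
    m = NAME_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    pid, seq, start, end = int(m[1]), int(m[2]), int(m[3], 16), int(m[4], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": pid, "seq": seq, "start": start, "end": end, "size": end - start}


def format_size(n: int) -> str:
    """Mirror the page's rounding: whole KB below 1 MiB, one decimal MB above."""
    if n >= 1 << 20:
        return f"{n / (1 << 20):.1f}MB"
    return f"{n // 1024}KB"


def unique_regions(entries) -> list:
    """One record per (pid, start, end), with the sequence numbers that dumped it
    and a flag saying whether every reported size matched the address span."""
    regions = {}
    for name, reported in entries:
        d = parse_dump_name(name)
        key = (d["pid"], d["start"], d["end"])
        rec = regions.setdefault(key, {"pid": d["pid"], "start": d["start"], "end": d["end"],
                                       "size": d["size"], "seqs": [], "size_ok": True})
        rec["seqs"].append(d["seq"])
        if format_size(d["size"]) != reported:
            rec["size_ok"] = False
    for rec in regions.values():
        rec["seqs"].sort()
    return sorted(regions.values(), key=lambda r: r["start"])


if __name__ == "__main__":
    for r in unique_regions(MEMORY_ENTRIES):
        print(f"pid {r['pid']} 0x{r['start']:08X}-0x{r['end']:08X} "
              f"{format_size(r['size']):>6} dumped {len(r['seqs'])}x (seq {r['seqs']}) "
              f"size_ok={r['size_ok']}")
```

Feed it the full list from the page to get the four ranges with their dump counts; the 0x02E40000 range is the one snapshotted on almost every event, so it is the first candidate to diff across sequence numbers for a decrypted or rewritten payload.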