Overview

overview

7

Static

static

7

3dba0f0493...9a.exe

windows7-x64

7

3dba0f0493...9a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    29/08/2023, 07:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3dba0f0493061ba1b6a4ba2d07b55573c332974f5af9a7a67dcc5dd2115d729a.exe

  • Size

    815KB

  • MD5

    9bbeed0c0851670970d69e497967bf0b

  • SHA1

    0a0963c8d19b2c35202c8debdc606d2ff5a3bc05

  • SHA256

    3dba0f0493061ba1b6a4ba2d07b55573c332974f5af9a7a67dcc5dd2115d729a

  • SHA512

    06feec071051161218caaa8c186f650cbcd6b2934d8910f13c749a022d53c6b7b02bca404fbc693d13eb02f659d938f1ad3b90bdc628457aa74e2d107eb518c6

  • SSDEEP

    24576:fO1LHcsboAcntImlnm5bGFZ0XkAck+ffCUyCBZY3/x:G2Acn9CkZ0X2hff/yC3G/x

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3dba0f0493061ba1b6a4ba2d07b55573c332974f5af9a7a67dcc5dd2115d729a.exe
    "C:\Users\Admin\AppData\Local\Temp\3dba0f0493061ba1b6a4ba2d07b55573c332974f5af9a7a67dcc5dd2115d729a.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2088
    • C:\Windows\SysWOW64\finger.exe
      "C:\Windows\SysWOW64\finger.exe"
      2⤵
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1516
      • C:\Windows\SysWOW64\icardagt.exe
        "C:\Windows\SysWOW64\icardagt.exe"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2932
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 216
          4⤵
          • Program crash
          PID:1656
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\3DBA0F~1.EXE > nul
      2⤵
      • Deletes itself
      PID:2744

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\WindowSystemNewUpdate215.log
    Filesize

    6KB

    MD5

    3afe83881d17fced67a88b8f88e17be8

    SHA1

    532531f3696527c0490e941e006b6c065bc9eebc

    SHA256

    9180c255271aad6211876216c1ff46b9f2a88fc9fa4c4a8b252910486fe898ff

    SHA512

    c0e30e464dc543079e3b41e5690c2761aadec7a2315e59956b3ffa5bebe696adc3a94e4002e0ae9b8168a6c799fa84fddf7611d14c326c1189e59080d7ef4f11

    Download Submit

  • memory/1516-42-0x0000000010000000-0x00000000100F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1516-3-0x00000000001E0000-0x00000000002E8000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1516-4-0x00000000001E0000-0x00000000002E8000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1516-5-0x00000000001E0000-0x00000000002E8000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1516-6-0x00000000002F0000-0x000000000030B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1516-9-0x00000000002F0000-0x000000000030B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1516-10-0x00000000002F0000-0x000000000030B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1516-11-0x0000000010000000-0x00000000100F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1516-19-0x0000000010000000-0x00000000100F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1516-20-0x0000000010000000-0x00000000100F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1516-23-0x0000000010000000-0x00000000100F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1516-25-0x0000000010000000-0x00000000100F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1516-27-0x0000000010000000-0x00000000100F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1516-29-0x0000000010000000-0x00000000100F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1516-30-0x0000000010000000-0x00000000100F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1516-31-0x0000000010000000-0x00000000100F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1516-206-0x00000000099C0000-0x0000000009D43000-memory.dmp

    Filesize

    3.5MB

    Download

  • memory/1516-35-0x0000000010000000-0x00000000100F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1516-186-0x00000000099C0000-0x0000000009D43000-memory.dmp

    Filesize

    3.5MB

    Download

  • memory/1516-38-0x0000000010000000-0x00000000100F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1516-43-0x0000000010000000-0x00000000100F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1516-40-0x0000000010000000-0x00000000100F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1516-2-0x00000000001E0000-0x00000000002E8000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1516-44-0x0000000010000000-0x00000000100F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1516-45-0x0000000010000000-0x00000000100F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1516-46-0x00000000030A0000-0x0000000003199000-memory.dmp

    Filesize

    996KB

    Download

  • memory/1516-55-0x00000000030A0000-0x0000000003199000-memory.dmp

    Filesize

    996KB

    Download

  • memory/1516-54-0x00000000030A0000-0x0000000003199000-memory.dmp

    Filesize

    996KB

    Download

  • memory/1516-57-0x00000000030A0000-0x0000000003199000-memory.dmp

    Filesize

    996KB

    Download

  • memory/1516-58-0x0000000010000000-0x00000000100F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1516-60-0x0000000010000000-0x00000000100F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1516-61-0x00000000003D0000-0x0000000000408000-memory.dmp

    Filesize

    224KB

    Download

  • memory/1516-67-0x0000000010000000-0x00000000100F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1516-71-0x00000000030A0000-0x0000000003199000-memory.dmp

    Filesize

    996KB

    Download

  • memory/1516-70-0x0000000002930000-0x0000000002996000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1516-82-0x0000000010000000-0x00000000100F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1516-83-0x0000000004040000-0x0000000004519000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/1516-86-0x00000000030A0000-0x0000000003199000-memory.dmp

    Filesize

    996KB

    Download

  • memory/1516-145-0x00000000030A0000-0x0000000003199000-memory.dmp

    Filesize

    996KB

    Download

  • memory/1516-141-0x00000000030A0000-0x0000000003199000-memory.dmp

    Filesize

    996KB

    Download

  • memory/2088-0-0x0000000000E20000-0x0000000000F58000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2088-36-0x0000000000E20000-0x0000000000F58000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2088-34-0x0000000000E20000-0x0000000000F58000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2932-134-0x0000000000250000-0x000000000085C000-memory.dmp

    Filesize

    6.0MB

    Download