Analysis

  • max time kernel
    142s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/08/2023, 20:36

General

  • Target

    bc020bb098cdc806d3fa6e6906e96cbba22ae6dd6242257bf7d45299ada6ad55.exe

  • Size

    12.2MB

  • MD5

    25a4df1db9736d99cdd5deea5fdbd1b2

  • SHA1

    b20b5b250ffb2d07e6a7628311d2595b2817070f

  • SHA256

    bc020bb098cdc806d3fa6e6906e96cbba22ae6dd6242257bf7d45299ada6ad55

  • SHA512

    44c106b2cb242fa3dfcd3527e6888456dbfb53912134544f5fefbf97a460cb8259b2519e1a119ff3585c3d1d70e7463f3c767794639829be8ea1ecac1478f890

  • SSDEEP

    196608:5BREyceaUzv9EW/A7FzOvIJG1J7sK1kX0n4JVRc9BDalV:hEyNlzvaW/A7lKPu0n4Bc9sj

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc020bb098cdc806d3fa6e6906e96cbba22ae6dd6242257bf7d45299ada6ad55.exe
    "C:\Users\Admin\AppData\Local\Temp\bc020bb098cdc806d3fa6e6906e96cbba22ae6dd6242257bf7d45299ada6ad55.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4908
    • C:\Windows\SysWOW64\netsh.exe
      netsh int ipv4 set dynamicport tcp start=10000 num=55000
      2⤵
        PID:4572
      • C:\Windows\SysWOW64\netsh.exe
        netsh int ipv6 set dynamicport tcp start=10000 num=55000
        2⤵
          PID:864

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\E2EECore.2.7.2.dll

    Filesize

    8.4MB

    MD5

    8b6c94bbdbfb213e94a5dcb4fac28ce3

    SHA1

    b56102ca4f03556f387f8b30e2b404efabe0cb65

    SHA256

    982a177924762f270b36fe34c7d6847392b48ae53151dc2011078dceef487a53

    SHA512

    9d6d63b5d8cf7a978d7e91126d7a343c2f7acd00022da9d692f63e50835fdd84a59a93328564f10622f2b1f6adfd7febdd98b8ddb294d0754ed45cc9c165d25a

  • C:\Users\Admin\AppData\Local\Temp\sunny.dll

    Filesize

    4.1MB

    MD5

    94d3a3c4309ee3cac460fb1295f55958

    SHA1

    5f7d35823351c89e6497535d1cf2990e58d4ef0a

    SHA256

    555c40e0548b4e513c975a1e110fe1092ce88ec75080e1d4a325ceea54055f36

    SHA512

    96a8f3504e330d71cc024171207505212380e32b6477200d27212fc32901145416cede47e7ce603bd6d92b624186de0bc1e280af10ec3ca6b6eb465183a5e522

  • memory/4908-9-0x0000000073720000-0x00000000743E8000-memory.dmp

    Filesize

    12.8MB

  • memory/4908-10-0x000000002C580000-0x000000002C5D9000-memory.dmp

    Filesize

    356KB

  • memory/4908-11-0x0000000073720000-0x00000000743E8000-memory.dmp

    Filesize

    12.8MB

  • memory/4908-12-0x000000002C580000-0x000000002C5D9000-memory.dmp

    Filesize

    356KB