Overview

overview

7

Static

static

7

65a700bdc9...4e.exe

windows7-x64

7

65a700bdc9...4e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/09/2023, 11:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    65a700bdc95b5c917f9e01fb913eea2bd8ce84da01530b2d03f350b94fd1184e.exe

  • Size

    4.2MB

  • MD5

    75d2004361ddddee19358a1484d880ab

  • SHA1

    e6f909152fb7faa00251e6669aec6d7bd137352f

  • SHA256

    65a700bdc95b5c917f9e01fb913eea2bd8ce84da01530b2d03f350b94fd1184e

  • SHA512

    e70029002eec033d90c3ad21450d158fca56cbe207086e87faa26ac0af650a44c7aba533c7f3b09a1f211f2138e88ea22a79afa1645c045b7ff2fa6d9bc72352

  • SSDEEP

    49152:lGx0YzzvNtsVGMXPwh11sXIAyT9tN93Bs5SkP2lS1mdM03aT1P8k:lGx1zj4GgPs1sByTa5SQrWM03o1x

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 5 IoCs
  • Drops file in Windows directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\65a700bdc95b5c917f9e01fb913eea2bd8ce84da01530b2d03f350b94fd1184e.exe
    "C:\Users\Admin\AppData\Local\Temp\65a700bdc95b5c917f9e01fb913eea2bd8ce84da01530b2d03f350b94fd1184e.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3316
    • C:\Windows\SysWOW64\ddodiag.exe
      "C:\Windows\SysWOW64\ddodiag.exe"
      2⤵
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3448
      • C:\Windows\SysWOW64\unregmp2.exe
        "C:\Windows\SysWOW64\unregmp2.exe"
        3⤵
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1572
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\65A700~1.EXE > nul
      2⤵
        PID:4600

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\WindowRedSystem452.log
            Filesize

            8KB

            MD5

            e5753c8efded68e16cfa32f3a331b5c7

            SHA1

            479719dc161aa4832b231e2d49df216eaa163ff4

            SHA256

            cfe5cec9a5800e80746bcc83b677966689e5d7a534122dcf65cc02374afd2394

            SHA512

            1597ec61c0074e022aef20812349539b8c71c33154dfeda6fcee34bb4854c9a88fb8bcee02b9f13b8b1301e65780a13c1b47c3fe513bc70ed551bb7bc24fe1ea

            Download Submit

          • C:\Windows\WindowSystemNewUpdate12.log
            Filesize

            4KB

            MD5

            592c60bb8592383484fc9d9034a1e32c

            SHA1

            06d214848a94cd887bff6aa7dab887c4d2097b0d

            SHA256

            3bf27a90308c5de74836ce78e24922c1bc506773a42ad6fb3490441ad7f6b97b

            SHA512

            7ff03d5c437d9ced3ef54d6c99705af5f6973cac73a06829a9ecb4bb5f0262d3a6d1f24f173b932cdba2e9f4df34e936f1ffd5aa9bfe71fa1e00fb399e9f7165

            Download Submit

          • memory/1572-125-0x0000000010000000-0x00000000105F5000-memory.dmp

            Filesize

            6.0MB

            Download

          • memory/1572-78-0x0000000001740000-0x000000000175B000-memory.dmp

            Filesize

            108KB

            Download

          • memory/1572-200-0x0000000010000000-0x00000000105F5000-memory.dmp

            Filesize

            6.0MB

            Download

          • memory/1572-143-0x0000000010000000-0x00000000105F5000-memory.dmp

            Filesize

            6.0MB

            Download

          • memory/1572-113-0x0000000010000000-0x00000000105F5000-memory.dmp

            Filesize

            6.0MB

            Download

          • memory/1572-140-0x0000000010000000-0x00000000105F5000-memory.dmp

            Filesize

            6.0MB

            Download

          • memory/1572-127-0x0000000010000000-0x00000000105F5000-memory.dmp

            Filesize

            6.0MB

            Download

          • memory/1572-83-0x0000000001740000-0x000000000175B000-memory.dmp

            Filesize

            108KB

            Download

          • memory/1572-118-0x0000000010000000-0x00000000105F5000-memory.dmp

            Filesize

            6.0MB

            Download

          • memory/1572-89-0x0000000010000000-0x00000000105F5000-memory.dmp

            Filesize

            6.0MB

            Download

          • memory/1572-86-0x0000000001740000-0x000000000175B000-memory.dmp

            Filesize

            108KB

            Download

          • memory/1572-116-0x0000000010000000-0x00000000105F5000-memory.dmp

            Filesize

            6.0MB

            Download

          • memory/1572-71-0x0000000000B30000-0x0000000001131000-memory.dmp

            Filesize

            6.0MB

            Download

          • memory/3316-26-0x0000000000610000-0x00000000006AA000-memory.dmp

            Filesize

            616KB

            Download

          • memory/3316-0-0x0000000000610000-0x00000000006AA000-memory.dmp

            Filesize

            616KB

            Download

          • memory/3448-49-0x0000000003940000-0x0000000003E10000-memory.dmp

            Filesize

            4.8MB

            Download

          • memory/3448-121-0x0000000002A90000-0x0000000002B89000-memory.dmp

            Filesize

            996KB

            Download

          • memory/3448-93-0x0000000002A90000-0x0000000002B89000-memory.dmp

            Filesize

            996KB

            Download

          • memory/3448-60-0x0000000002680000-0x00000000026B8000-memory.dmp

            Filesize

            224KB

            Download

          • memory/3448-100-0x0000000002A90000-0x0000000002B89000-memory.dmp

            Filesize

            996KB

            Download

          • memory/3448-111-0x0000000002A90000-0x0000000002B89000-memory.dmp

            Filesize

            996KB

            Download

          • memory/3448-87-0x0000000002A90000-0x0000000002B89000-memory.dmp

            Filesize

            996KB

            Download

          • memory/3448-63-0x0000000002A90000-0x0000000002B89000-memory.dmp

            Filesize

            996KB

            Download

          • memory/3448-46-0x0000000002A90000-0x0000000002B89000-memory.dmp

            Filesize

            996KB

            Download

          • memory/3448-6-0x00000000003E0000-0x00000000003FB000-memory.dmp

            Filesize

            108KB

            Download

          • memory/3448-43-0x0000000002A90000-0x0000000002B89000-memory.dmp

            Filesize

            996KB

            Download

          • memory/3448-44-0x0000000002A90000-0x0000000002B89000-memory.dmp

            Filesize

            996KB

            Download

          • memory/3448-35-0x0000000002A90000-0x0000000002B89000-memory.dmp

            Filesize

            996KB

            Download

          • memory/3448-8-0x0000000010000000-0x0000000010057000-memory.dmp

            Filesize

            348KB

            Download

          • memory/3448-177-0x0000000002A90000-0x0000000002B89000-memory.dmp

            Filesize

            996KB

            Download

          • memory/3448-195-0x0000000002A90000-0x0000000002B89000-memory.dmp

            Filesize

            996KB

            Download

          • memory/3448-7-0x00000000003E0000-0x00000000003FB000-memory.dmp

            Filesize

            108KB

            Download

          • memory/3448-4-0x00000000003E0000-0x00000000003FB000-memory.dmp

            Filesize

            108KB

            Download

          • memory/3448-2-0x0000000000240000-0x00000000002A7000-memory.dmp

            Filesize

            412KB

            Download