24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
23/09/2023, 04:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
Size

6.9MB
MD5

be34cc3a6675f80b7343f54151ecbe7d
SHA1

398f1459ad693787516d3e0f0ac04c83ad2540b5
SHA256

24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4
SHA512

d29f4b7ef9d08518ad962a3cbc8aecc591d606c525730ffeaac6ecf954a189b68652fa08818cfce3aeb2581a0ff354716868f68450061f83194f2edc12b3c042
SSDEEP

196608:/otZgs21BRWdoQlSOLM8gYQAnfRcwKmu3vf5:/otZoBR30tL9gYQdwKmu5

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2004-8689-0x0000000000270000-0x000000000027B000-memory.dmp	upx
behavioral1/memory/2004-8691-0x0000000000290000-0x000000000029B000-memory.dmp	upx
behavioral1/memory/2004-8692-0x00000000002A0000-0x00000000002A8000-memory.dmp	upx

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
File opened (read-only)	\??\P:	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
File opened (read-only)	\??\U:	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
File opened (read-only)	\??\J:	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
File opened (read-only)	\??\K:	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
File opened (read-only)	\??\O:	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
File opened (read-only)	\??\S:	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
File opened (read-only)	\??\W:	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
File opened (read-only)	\??\Y:	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
File opened (read-only)	\??\H:	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
File opened (read-only)	\??\M:	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
File opened (read-only)	\??\N:	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
File opened (read-only)	\??\R:	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
File opened (read-only)	\??\T:	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
File opened (read-only)	\??\V:	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
File opened (read-only)	\??\X:	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
File opened (read-only)	\??\E:	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
File opened (read-only)	\??\I:	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
File opened (read-only)	\??\L:	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
File opened (read-only)	\??\Q:	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
File opened (read-only)	\??\Z:	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 28 IoCs

pid	Process
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
2004	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe

C:\Users\Admin\AppData\Local\Temp\24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe
"C:\Users\Admin\AppData\Local\Temp\24eff5ada3e981c30a2e886a12e191449a869ababa17115ceeca96f79aa036a4.exe"
1⤵
- Enumerates connected drives
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Enumerates system info in registry
PID:2004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2004-0-0x0000000000400000-0x00000000010C0000-memory.dmp

Filesize
12.8MB

Download
memory/2004-1-0x0000000076AD0000-0x0000000076B17000-memory.dmp

Filesize
284KB

Download
memory/2004-811-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-812-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-814-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-816-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-818-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-820-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-822-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-824-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-826-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-828-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-830-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-832-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-834-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-836-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-838-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-840-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-842-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-844-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-846-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-848-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-850-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-852-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-854-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-856-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-858-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-860-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-862-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-864-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-866-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-868-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-870-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-872-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-2547-0x0000000002DF0000-0x0000000002F71000-memory.dmp

Filesize
1.5MB

Download
memory/2004-8686-0x0000000002F80000-0x0000000003091000-memory.dmp

Filesize
1.1MB

Download
memory/2004-8689-0x0000000000270000-0x000000000027B000-memory.dmp

Filesize
44KB

Download
memory/2004-8691-0x0000000000290000-0x000000000029B000-memory.dmp

Filesize
44KB

Download
memory/2004-8692-0x00000000002A0000-0x00000000002A8000-memory.dmp

Filesize
32KB

Download
memory/2004-8693-0x0000000000400000-0x00000000010C0000-memory.dmp

Filesize
12.8MB

Download
memory/2004-8694-0x0000000000260000-0x0000000000263000-memory.dmp

Filesize
12KB

Download
memory/2004-8695-0x00000000002B0000-0x00000000002B7000-memory.dmp

Filesize
28KB

Download
memory/2004-8698-0x0000000000400000-0x00000000010C0000-memory.dmp

Filesize
12.8MB

Download
memory/2004-8699-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2004-8700-0x0000000003BE0000-0x0000000003C97000-memory.dmp

Filesize
732KB

Download
memory/2004-8702-0x0000000000400000-0x00000000010C0000-memory.dmp

Filesize
12.8MB

Download
memory/2004-8703-0x0000000000260000-0x0000000000263000-memory.dmp

Filesize
12KB

Download
memory/2004-8704-0x0000000000400000-0x00000000010C0000-memory.dmp

Filesize
12.8MB

Download
memory/2004-8705-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2004-8706-0x0000000003BE0000-0x0000000003C97000-memory.dmp

Filesize
732KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads