Overview

overview

8

Static

static

7

457bdc715b...6d.exe

windows7-x64

8

457bdc715b...6d.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    101s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-10-2023 20:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    457bdc715b23ccb6da72828aad98306e2ab5f15063214ea8f43994637dd1d16d.exe

  • Size

    2.7MB

  • MD5

    7e239fd3c0d61ffb614c4466fc0b7ddd

  • SHA1

    e0351865b8c11d43ac4edcd9cfe0ddb1071fa955

  • SHA256

    457bdc715b23ccb6da72828aad98306e2ab5f15063214ea8f43994637dd1d16d

  • SHA512

    bf283c954cb727fd22ab9512b3f911a210c24b2ec0241e5f1a3167c250e75e77d0a485dab7ca339243a572f23f9f949c639a1b578281512b354e75d9c79b8c1b

  • SSDEEP

    49152:ITGkQ75QZuTtS0rQMYOQ+q8CEXTG4QrTGHQK9KFeMQ:IKk8WsM0r1QnAK4eKHZ0FeV

Score
8/10
upx

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Drops file in System32 directory 16 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 9 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: LoadsDriver 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 24 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
      PID:624
    • C:\Windows\Explorer.EXE
      C:\Windows\Explorer.EXE
      1⤵
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2264
      • C:\Users\Admin\AppData\Local\Temp\457bdc715b23ccb6da72828aad98306e2ab5f15063214ea8f43994637dd1d16d.exe
        "C:\Users\Admin\AppData\Local\Temp\457bdc715b23ccb6da72828aad98306e2ab5f15063214ea8f43994637dd1d16d.exe"
        2⤵
        • Checks computer location settings
        • Drops file in System32 directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4916
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\System32\cmd.exe" /c timeout /t 1 & del /Q /F "C:\Users\Admin\AppData\Local\Temp\457bdc715b23ccb6da72828aad98306e2ab5f15063214ea8f43994637dd1d16d.exe"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2000
          • C:\Windows\SysWOW64\timeout.exe
            timeout /t 1
            4⤵
            • Delays execution with timeout.exe
            PID:2312
      • C:\Program Files\gpresult.exe
        "C:\Program Files\gpresult.exe"
        2⤵
        • Drops file in Drivers directory
        • Executes dropped EXE
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Checks SCSI registry key(s)
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2360
    • C:\Windows\Syswow64\b1df7528
      C:\Windows\Syswow64\b1df7528
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2272
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c timeout /t 1 & del /Q /F "C:\Windows\Syswow64\b1df7528"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:3828
        • C:\Windows\SysWOW64\timeout.exe
          timeout /t 1
          3⤵
          • Delays execution with timeout.exe
          PID:1168

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\gpresult.exe
      Filesize

      222KB

      MD5

      6b7a0e553db17374119180aeaf34cd87

      SHA1

      4d85ed7069a3b846028632eca1054a4846f1ceb6

      SHA256

      678cf8bbd1b6aacadbaa8e14d7ebc42aa2a89a6b7736921287226c21158e5318

      SHA512

      cc1660a9fb982718196b23599947a7de2b6970e66bd8fa5bce68c44c8c914d5506432e4bb243da121500be37eb6fd05664f16e3698510419116b690a71fcb200

      Download Submit

    • C:\Windows\SysWOW64\b1df7528
      Filesize

      2.7MB

      MD5

      2a029ef514007e746be955555bf9483e

      SHA1

      550c02f0d060bcd92bdb41c242f7adde7b0f9083

      SHA256

      ce3867fe5f549a3c6575ecdd9bff100e9c19ba8f37643ec568df90c9f98adf5f

      SHA512

      4dd247fe945bae33c101fc86074afa9028c3abcecd6c41d6158397b1e8b6aff5226b94f6401213e7e944d63feecd96e3eb9371fb7eaf78917d6636831737a727

      Download Submit

    • C:\Windows\SysWOW64\b1df7528
      Filesize

      2.7MB

      MD5

      2a029ef514007e746be955555bf9483e

      SHA1

      550c02f0d060bcd92bdb41c242f7adde7b0f9083

      SHA256

      ce3867fe5f549a3c6575ecdd9bff100e9c19ba8f37643ec568df90c9f98adf5f

      SHA512

      4dd247fe945bae33c101fc86074afa9028c3abcecd6c41d6158397b1e8b6aff5226b94f6401213e7e944d63feecd96e3eb9371fb7eaf78917d6636831737a727

      Download Submit

    • memory/624-72-0x000002BFD1A40000-0x000002BFD1A41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/624-30-0x000002BFD1A40000-0x000002BFD1A41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/624-29-0x000002BFD19E0000-0x000002BFD1A08000-memory.dmp

      Filesize

      160KB

      Download

    • memory/2264-117-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-120-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-14-0x00000000094B0000-0x00000000095A7000-memory.dmp

      Filesize

      988KB

      Download

    • memory/2264-13-0x0000000001580000-0x0000000001583000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2264-153-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-149-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-142-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-144-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-140-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-138-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-12-0x0000000001580000-0x0000000001583000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2264-10-0x0000000001580000-0x0000000001583000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2264-137-0x00000000033F0000-0x0000000003400000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-136-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-64-0x00000000094B0000-0x00000000095A7000-memory.dmp

      Filesize

      988KB

      Download

    • memory/2264-135-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-134-0x00000000033F0000-0x0000000003400000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-98-0x00000000033B0000-0x00000000033C0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-133-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-132-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-130-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-128-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-127-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-126-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-125-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-124-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-94-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-123-0x00000000033E0000-0x00000000033F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-122-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-121-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-16-0x00000000015B0000-0x00000000015B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2264-119-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-114-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-115-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-116-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-85-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-86-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-87-0x0000000003380000-0x0000000003390000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-88-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-89-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-90-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-91-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-104-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-113-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-67-0x00000000015B0000-0x00000000015B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2264-97-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-96-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-95-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-99-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-100-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-101-0x00000000033B0000-0x00000000033C0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-102-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-92-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-108-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-106-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-109-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-110-0x0000000003380000-0x0000000003390000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-111-0x0000000003370000-0x0000000003380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2264-112-0x00000000033B0000-0x00000000033C0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2272-66-0x0000000000E60000-0x0000000000EE9000-memory.dmp

      Filesize

      548KB

      Download

    • memory/2272-4-0x0000000000E60000-0x0000000000EE9000-memory.dmp

      Filesize

      548KB

      Download

    • memory/2272-28-0x0000000000E60000-0x0000000000EE9000-memory.dmp

      Filesize

      548KB

      Download

    • memory/2360-82-0x00000260DB610000-0x00000260DB6B0000-memory.dmp

      Filesize

      640KB

      Download

    • memory/2360-69-0x00000260DAC80000-0x00000260DAD4B000-memory.dmp

      Filesize

      812KB

      Download

    • memory/2360-81-0x00000260DB750000-0x00000260DB772000-memory.dmp

      Filesize

      136KB

      Download

    • memory/2360-78-0x00000260DB400000-0x00000260DB401000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2360-80-0x00000260DB420000-0x00000260DB421000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2360-79-0x00000260DB600000-0x00000260DB601000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2360-76-0x00000260DB6F0000-0x00000260DB6FF000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2360-71-0x00000260D93C0000-0x00000260D93C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2360-74-0x00000260DB400000-0x00000260DB401000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2360-73-0x00000260DB410000-0x00000260DB411000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2360-84-0x00000260DB750000-0x00000260DB772000-memory.dmp

      Filesize

      136KB

      Download

    • memory/2360-77-0x00000260DB410000-0x00000260DB411000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2360-75-0x00000260DB610000-0x00000260DB6B0000-memory.dmp

      Filesize

      640KB

      Download

    • memory/2360-20-0x00000260D9230000-0x00000260D9233000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2360-68-0x00000260DB400000-0x00000260DB401000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2360-70-0x00000260DB410000-0x00000260DB411000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2360-65-0x00000260DB3F0000-0x00000260DB3F2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2360-63-0x00007FFFA8690000-0x00007FFFA86A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2360-21-0x00000260DAC80000-0x00000260DAD4B000-memory.dmp

      Filesize

      812KB

      Download

    • memory/2360-83-0x00000260DB600000-0x00000260DB601000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2360-22-0x00000260DAC80000-0x00000260DAD4B000-memory.dmp

      Filesize

      812KB

      Download

    • memory/2360-24-0x00007FFFA8690000-0x00007FFFA86A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4916-26-0x0000000000350000-0x00000000003D9000-memory.dmp

      Filesize

      548KB

      Download

    • memory/4916-37-0x0000000000350000-0x00000000003D9000-memory.dmp

      Filesize

      548KB

      Download

    • memory/4916-0-0x0000000000350000-0x00000000003D9000-memory.dmp

      Filesize

      548KB

      Download