Overview

overview

7

Static

static

7

lighttpd-s...ll.exe

windows7-x64

7

lighttpd-s...ll.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    06-10-2023 11:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lighttpd-service-install.exe

  • Size

    63KB

  • MD5

    d690679f5f6a857dacdbc5ee6ce7e736

  • SHA1

    01fd9a97220c5fce3dcd7c756b07deff4428b240

  • SHA256

    753c8a5f46643aafb158c03a2b0271ba20c7009a50c14657c171c4da4110b97d

  • SHA512

    f8e11de83a8511f7e7c1e363426eff955b600e78dcfa47fd3ef1cdfbbbfbd56ae799381b05daa738f3ea7066437958f35ae220473031d597261f6c0987c6910c

  • SSDEEP

    1536:IU9RNMwPS/OWg1gDlU62RBWx5DaC1ByfelAqFBokxN7HI1:FhMyGLxiLRBc5DdBiqQkxNE1

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\lighttpd-service-install.exe
    "C:\Users\Admin\AppData\Local\Temp\lighttpd-service-install.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2980
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bt4211.bat "C:\Users\Admin\AppData\Local\Temp\lighttpd-service-install.exe"
      2⤵
        PID:2212

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\bt4211.bat
      Filesize

      3KB

      MD5

      c24c6a7317bb223d2e9e228a1a3ed456

      SHA1

      871251e0fd1202674fbde808039f7ddb2ded0b62

      SHA256

      7e0fab01adf20dfa59d957f2e751b54ca62b06a0d10e3b71987640404c3a239c

      SHA512

      649ccf099093e8f059022528149e83b3686af75e7875fd580f6b7d19544217c1356a66ad4e88d96965a370444cbad2cf3b92f49cae83fcfd655967afd41ac94b

      Download Submit

    • memory/2980-0-0x0000000000400000-0x000000000042B000-memory.dmp

      Filesize

      172KB

      Download

    • memory/2980-1-0x0000000000230000-0x000000000025B000-memory.dmp

      Filesize

      172KB

      Download

    • memory/2980-2-0x0000000000230000-0x000000000025B000-memory.dmp

      Filesize

      172KB

      Download

    • memory/2980-6-0x0000000000400000-0x000000000042B000-memory.dmp

      Filesize

      172KB

      Download

    • memory/2980-7-0x0000000000230000-0x000000000025B000-memory.dmp

      Filesize

      172KB

      Download