Overview

overview

7

Static

static

7

55005aceec...a7.exe

windows7-x64

7

55005aceec...a7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2023, 07:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    55005aceec6939133327c0cc3924880e7fde2fd785174e529e78425ea11aa0a7.exe

  • Size

    2.4MB

  • MD5

    cdba0f463c3c17cb03b3469c0cebbcdf

  • SHA1

    ed3d05d4a1833d6bc4fc2514dd6b1ca6f49581bd

  • SHA256

    55005aceec6939133327c0cc3924880e7fde2fd785174e529e78425ea11aa0a7

  • SHA512

    f7bd544ed1325cb3754e9cbc3de0cb3c7a634157d780fc86956f292ec9d463f5afe0bf187c9235b69fc058eef2a4baf3791cc03f9e37b26c76bedc33eaaf24f4

  • SSDEEP

    49152:is5SkP2lS1mdM03aT1PcXPwh11sXIAyT9tN93p:B5SQrWM03o1wPs1sByTJ

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 5 IoCs
  • Drops file in Windows directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 46 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: LoadsDriver 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of WriteProcessMemory 30 IoCs

Processes

  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of WriteProcessMemory
    PID:1324
    • C:\Windows\SysWOW64\CheckNetIsolation.exe
      "C:\Windows\SysWOW64\CheckNetIsolation.exe"
      2⤵
        PID:1520
    • C:\Users\Admin\AppData\Local\Temp\55005aceec6939133327c0cc3924880e7fde2fd785174e529e78425ea11aa0a7.exe
      "C:\Users\Admin\AppData\Local\Temp\55005aceec6939133327c0cc3924880e7fde2fd785174e529e78425ea11aa0a7.exe"
      1⤵
      • Checks computer location settings
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2820
      • C:\Windows\SysWOW64\find.exe
        "C:\Windows\SysWOW64\find.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:5100
        • C:\Windows\SysWOW64\makecab.exe
          "C:\Windows\SysWOW64\makecab.exe"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4804
          • C:\Windows\SysWOW64\expand.exe
            "C:\Windows\SysWOW64\expand.exe"
            4⤵
            • Drops file in System32 directory
            • Drops file in Windows directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:4928
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\55005A~1.EXE > nul
        2⤵
          PID:4880

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\WindowRedSystem275.log
        Filesize

        8KB

        MD5

        def1008797a03eae11abac9599182d39

        SHA1

        916ac79282ce53bd68037ef1e055910e514560d5

        SHA256

        b646588a2e7219838bf957c145ea888d43905769b0c2423aa38e77be2af0a8dd

        SHA512

        d6d5ff3f175b9c0caf018d59d2bb986b0eb8de60da87475941c26082ec3a8e7163c2a44757c34f24656210d21c77b76b1fe9ea5fa2a7ca90512a993b47231dfe

        Download Submit

      • C:\Windows\WindowSystemNewUpdate748.log
        Filesize

        6KB

        MD5

        cd6a45cd87f819bcb8e7ba6da6c9bc09

        SHA1

        b9cb688654030065a3cbfc7a1a5a73fc8beaa6b3

        SHA256

        8e282d13f9151bd3c95709569a4ebde09ce5fd6816bad380c68eed711726468b

        SHA512

        25e9cdceb9f12b35786325b811a000fd34b9fedf8d3e357e7e975fa13dc659087e097a8e7ee0cc594f04633bfb698c2c46004918e8621d49968950b0f72f3764

        Download Submit

      • memory/1324-184-0x000001BCD3CA0000-0x000001BCD3CCB000-memory.dmp

        Filesize

        172KB

        Download

      • memory/1324-155-0x0000000000470000-0x0000000000495000-memory.dmp

        Filesize

        148KB

        Download

      • memory/1324-154-0x000001BCD3CA0000-0x000001BCD3CCB000-memory.dmp

        Filesize

        172KB

        Download

      • memory/1520-278-0x00000000011A0000-0x00000000011BB000-memory.dmp

        Filesize

        108KB

        Download

      • memory/1520-201-0x00000000011A0000-0x00000000011BB000-memory.dmp

        Filesize

        108KB

        Download

      • memory/1520-196-0x0000000000A00000-0x0000000001004000-memory.dmp

        Filesize

        6.0MB

        Download

      • memory/2820-3-0x0000000000940000-0x0000000000A7C000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/2820-2-0x0000000000940000-0x0000000000A7C000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/2820-39-0x0000000000940000-0x0000000000A7C000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/2820-38-0x0000000000940000-0x0000000000A7C000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/2820-0-0x0000000000940000-0x0000000000A7C000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/4804-133-0x00000000001A0000-0x00000000001BF000-memory.dmp

        Filesize

        124KB

        Download

      • memory/4804-139-0x00000000009E0000-0x0000000000A04000-memory.dmp

        Filesize

        144KB

        Download

      • memory/4804-134-0x00000000009E0000-0x0000000000A04000-memory.dmp

        Filesize

        144KB

        Download

      • memory/4928-210-0x0000000010000000-0x00000000105F8000-memory.dmp

        Filesize

        6.0MB

        Download

      • memory/4928-156-0x0000000000FA0000-0x0000000000FBB000-memory.dmp

        Filesize

        108KB

        Download

      • memory/4928-171-0x0000000010000000-0x00000000105F8000-memory.dmp

        Filesize

        6.0MB

        Download

      • memory/4928-173-0x0000000010000000-0x00000000105F8000-memory.dmp

        Filesize

        6.0MB

        Download

      • memory/4928-176-0x0000000010000000-0x00000000105F8000-memory.dmp

        Filesize

        6.0MB

        Download

      • memory/4928-143-0x0000000000FA0000-0x0000000000FBB000-memory.dmp

        Filesize

        108KB

        Download

      • memory/4928-142-0x0000000000800000-0x0000000000E04000-memory.dmp

        Filesize

        6.0MB

        Download

      • memory/4928-207-0x0000000010000000-0x00000000105F8000-memory.dmp

        Filesize

        6.0MB

        Download

      • memory/4928-211-0x0000000010000000-0x00000000105F8000-memory.dmp

        Filesize

        6.0MB

        Download

      • memory/5100-33-0x0000000010000000-0x00000000100FD000-memory.dmp

        Filesize

        1012KB

        Download

      • memory/5100-150-0x00000000028B0000-0x00000000028B1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5100-58-0x0000000002D20000-0x0000000002E19000-memory.dmp

        Filesize

        996KB

        Download

      • memory/5100-59-0x0000000010000000-0x00000000100FD000-memory.dmp

        Filesize

        1012KB

        Download

      • memory/5100-61-0x0000000003610000-0x0000000003AFB000-memory.dmp

        Filesize

        4.9MB

        Download

      • memory/5100-68-0x0000000010000000-0x00000000100FD000-memory.dmp

        Filesize

        1012KB

        Download

      • memory/5100-70-0x0000000002D20000-0x0000000002E19000-memory.dmp

        Filesize

        996KB

        Download

      • memory/5100-72-0x0000000010000000-0x00000000100FD000-memory.dmp

        Filesize

        1012KB

        Download

      • memory/5100-73-0x0000000003B40000-0x0000000003B78000-memory.dmp

        Filesize

        224KB

        Download

      • memory/5100-79-0x0000000010000000-0x00000000100FD000-memory.dmp

        Filesize

        1012KB

        Download

      • memory/5100-82-0x0000000003CE0000-0x0000000003D47000-memory.dmp

        Filesize

        412KB

        Download

      • memory/5100-131-0x0000000002D20000-0x0000000002E19000-memory.dmp

        Filesize

        996KB

        Download

      • memory/5100-54-0x0000000002D20000-0x0000000002E19000-memory.dmp

        Filesize

        996KB

        Download

      • memory/5100-46-0x0000000002D20000-0x0000000002E19000-memory.dmp

        Filesize

        996KB

        Download

      • memory/5100-45-0x0000000010000000-0x00000000100FD000-memory.dmp

        Filesize

        1012KB

        Download

      • memory/5100-44-0x0000000010000000-0x00000000100FD000-memory.dmp

        Filesize

        1012KB

        Download

      • memory/5100-43-0x0000000010000000-0x00000000100FD000-memory.dmp

        Filesize

        1012KB

        Download

      • memory/5100-56-0x0000000002D20000-0x0000000002E19000-memory.dmp

        Filesize

        996KB

        Download

      • memory/5100-151-0x00000000028B0000-0x00000000028B1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5100-40-0x0000000010000000-0x00000000100FD000-memory.dmp

        Filesize

        1012KB

        Download

      • memory/5100-35-0x0000000010000000-0x00000000100FD000-memory.dmp

        Filesize

        1012KB

        Download

      • memory/5100-34-0x0000000010000000-0x00000000100FD000-memory.dmp

        Filesize

        1012KB

        Download

      • memory/5100-31-0x0000000010000000-0x00000000100FD000-memory.dmp

        Filesize

        1012KB

        Download

      • memory/5100-30-0x0000000010000000-0x00000000100FD000-memory.dmp

        Filesize

        1012KB

        Download

      • memory/5100-29-0x0000000010000000-0x00000000100FD000-memory.dmp

        Filesize

        1012KB

        Download

      • memory/5100-181-0x00000000028B0000-0x00000000028B1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5100-180-0x00000000028B0000-0x00000000028B1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5100-28-0x0000000010000000-0x00000000100FD000-memory.dmp

        Filesize

        1012KB

        Download

      • memory/5100-26-0x0000000010000000-0x00000000100FD000-memory.dmp

        Filesize

        1012KB

        Download

      • memory/5100-25-0x00000000009D0000-0x00000000009EB000-memory.dmp

        Filesize

        108KB

        Download

      • memory/5100-24-0x0000000010000000-0x00000000100FD000-memory.dmp

        Filesize

        1012KB

        Download

      • memory/5100-22-0x0000000010000000-0x00000000100FD000-memory.dmp

        Filesize

        1012KB

        Download

      • memory/5100-13-0x0000000010000000-0x00000000100FD000-memory.dmp

        Filesize

        1012KB

        Download

      • memory/5100-10-0x00000000009D0000-0x00000000009EB000-memory.dmp

        Filesize

        108KB

        Download

      • memory/5100-7-0x00000000009D0000-0x00000000009EB000-memory.dmp

        Filesize

        108KB

        Download

      • memory/5100-5-0x00000000002C0000-0x00000000003CD000-memory.dmp

        Filesize

        1.1MB

        Download