Overview

overview

7

Static

static

3

5b145d0f5c...9c.exe

windows7-x64

7

5b145d0f5c...9c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2023, 16:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5b145d0f5c784b9b41cc9861b892d232d2bc6e083f282b611c950ce19ee5eb9c.exe

  • Size

    12.3MB

  • MD5

    08d98cd767bcef762eb1ffd918c15313

  • SHA1

    995e5f6a9bf5226dde91c5c2cc11240ece24cdf9

  • SHA256

    5b145d0f5c784b9b41cc9861b892d232d2bc6e083f282b611c950ce19ee5eb9c

  • SHA512

    fd8b9ab175e9a32eab8d5aab9b10a0e2d9e4c2fd336b1a7a4f7bbb55e24310f24acd7e30572dbcd3889f9bd6c5d913f0f893901a697ff411d808a96e05ab8f7b

  • SSDEEP

    196608:UQ0hI0QWdJXYJIw7LLdlR8qtiCBzj7r4/PXaNGX6hqDuxHN:UQN0rJIJx7LLSBCdj7rEXaNW6hqDuhN

Score
7/10
bootkitpersistenceupx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 3 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 2 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in Program Files directory 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b145d0f5c784b9b41cc9861b892d232d2bc6e083f282b611c950ce19ee5eb9c.exe
    "C:\Users\Admin\AppData\Local\Temp\5b145d0f5c784b9b41cc9861b892d232d2bc6e083f282b611c950ce19ee5eb9c.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2104

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\JiaRong\JiaRjishu.jrs
    Filesize

    3.7MB

    MD5

    259c1da17b442ac2f27ea1ff4625e7d3

    SHA1

    54437d7ce0fc459ed603dc8709254c6971cd34e0

    SHA256

    6272c686ea0209fe829ddaad0b9af8fbc253d521dbd7e84a1216c217a2f93c9a

    SHA512

    75281e8dcb997c28a5c864822fe0f984a4bb7ee7c1ca48400250184b7fdaddc4d23bdc601fc7fc42e214b7721931231635380398918631d0adf454a97f8e8796

    Download Submit

  • C:\Program Files\JiaRong\JiaRjishu.jrs
    Filesize

    3.7MB

    MD5

    259c1da17b442ac2f27ea1ff4625e7d3

    SHA1

    54437d7ce0fc459ed603dc8709254c6971cd34e0

    SHA256

    6272c686ea0209fe829ddaad0b9af8fbc253d521dbd7e84a1216c217a2f93c9a

    SHA512

    75281e8dcb997c28a5c864822fe0f984a4bb7ee7c1ca48400250184b7fdaddc4d23bdc601fc7fc42e214b7721931231635380398918631d0adf454a97f8e8796

    Download Submit

  • C:\Program Files\JiaRong\JiaRjishu.jrs
    Filesize

    3.7MB

    MD5

    259c1da17b442ac2f27ea1ff4625e7d3

    SHA1

    54437d7ce0fc459ed603dc8709254c6971cd34e0

    SHA256

    6272c686ea0209fe829ddaad0b9af8fbc253d521dbd7e84a1216c217a2f93c9a

    SHA512

    75281e8dcb997c28a5c864822fe0f984a4bb7ee7c1ca48400250184b7fdaddc4d23bdc601fc7fc42e214b7721931231635380398918631d0adf454a97f8e8796

    Download Submit

  • memory/2104-6-0x0000000010000000-0x0000000010917000-memory.dmp

    Filesize

    9.1MB

    Download

  • memory/2104-12-0x0000000010000000-0x0000000010917000-memory.dmp

    Filesize

    9.1MB

    Download

  • memory/2104-13-0x0000000010000000-0x0000000010917000-memory.dmp

    Filesize

    9.1MB

    Download

  • memory/2104-14-0x0000000010000000-0x0000000010917000-memory.dmp

    Filesize

    9.1MB

    Download

  • memory/2104-25-0x0000000010000000-0x0000000010917000-memory.dmp

    Filesize

    9.1MB

    Download