Overview

overview

7

Static

static

7

c5bc372e41...ba.exe

windows7-x64

7

c5bc372e41...ba.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    158s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 08:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c5bc372e4109861a109ab49cbba4a572972c004b6e06222be98db52fe7dbacba.exe

  • Size

    15.8MB

  • MD5

    f57b2435054bac4e30faf8f5b051f2b4

  • SHA1

    22e21381f88025192ef91076ddf00f8721f04ef6

  • SHA256

    c5bc372e4109861a109ab49cbba4a572972c004b6e06222be98db52fe7dbacba

  • SHA512

    113f852b541503454e4e3acdcf8fa9bb391cae9a27308d9f23525c70a883082b012965c0e79752e26365200dbbe0ec8d4a111f5eb81284b885cfd6a1d7c3639e

  • SSDEEP

    393216:UsecyNB/wmOZISw9PORqFw940bkHhcwFMqorhzFVw:UsecgB/wmofwpFwH+mwJoNzo

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 19 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c5bc372e4109861a109ab49cbba4a572972c004b6e06222be98db52fe7dbacba.exe
    "C:\Users\Admin\AppData\Local\Temp\c5bc372e4109861a109ab49cbba4a572972c004b6e06222be98db52fe7dbacba.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1704
    • F:\c5bc372e4109861a109ab49cbba4a572972c004b6e06222be98db52fe7dbacba\c5bc372e4109861a109ab49cbba4a572972c004b6e06222be98db52fe7dbacba.exe
      F:\c5bc372e4109861a109ab49cbba4a572972c004b6e06222be98db52fe7dbacba\c5bc372e4109861a109ab49cbba4a572972c004b6e06222be98db52fe7dbacba.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Suspicious use of SetWindowsHookEx
      PID:1084

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\d35b4dfb9e5ffa8a362f1c3f462abc83.txt
    Filesize

    67B

    MD5

    f7b8e466e1ef5c67411868cca85782d5

    SHA1

    868f833cd0cabd8d1710dee180e993367c418603

    SHA256

    20f01f2806d8cab770837014876125cec8dac7326dfef312b68130187e06a4ca

    SHA512

    e498d163a0d4882175e66b9705b6cbfdbd1071cc7a59f1e06b0c1be750dcd178d3d4863dfd08038dfb7b41f6947229f0044ff1ebddbeb79e02e9b8cda4c3bfb8

    Download Submit

  • F:\c5bc372e4109861a109ab49cbba4a572972c004b6e06222be98db52fe7dbacba\c5bc372e4109861a109ab49cbba4a572972c004b6e06222be98db52fe7dbacba.exe
    Filesize

    15.8MB

    MD5

    f57b2435054bac4e30faf8f5b051f2b4

    SHA1

    22e21381f88025192ef91076ddf00f8721f04ef6

    SHA256

    c5bc372e4109861a109ab49cbba4a572972c004b6e06222be98db52fe7dbacba

    SHA512

    113f852b541503454e4e3acdcf8fa9bb391cae9a27308d9f23525c70a883082b012965c0e79752e26365200dbbe0ec8d4a111f5eb81284b885cfd6a1d7c3639e

    Download Submit

  • F:\c5bc372e4109861a109ab49cbba4a572972c004b6e06222be98db52fe7dbacba\c5bc372e4109861a109ab49cbba4a572972c004b6e06222be98db52fe7dbacba.exe
    Filesize

    15.8MB

    MD5

    f57b2435054bac4e30faf8f5b051f2b4

    SHA1

    22e21381f88025192ef91076ddf00f8721f04ef6

    SHA256

    c5bc372e4109861a109ab49cbba4a572972c004b6e06222be98db52fe7dbacba

    SHA512

    113f852b541503454e4e3acdcf8fa9bb391cae9a27308d9f23525c70a883082b012965c0e79752e26365200dbbe0ec8d4a111f5eb81284b885cfd6a1d7c3639e

    Download Submit

  • memory/1084-16-0x0000000003DE0000-0x0000000003DE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1084-18-0x0000000000400000-0x0000000001C28000-memory.dmp

    Filesize

    24.2MB

    Download

  • memory/1084-30-0x0000000000400000-0x0000000001C28000-memory.dmp

    Filesize

    24.2MB

    Download

  • memory/1084-28-0x0000000000400000-0x0000000001C28000-memory.dmp

    Filesize

    24.2MB

    Download

  • memory/1084-27-0x0000000000400000-0x0000000001C28000-memory.dmp

    Filesize

    24.2MB

    Download

  • memory/1084-13-0x0000000000400000-0x0000000001C28000-memory.dmp

    Filesize

    24.2MB

    Download

  • memory/1084-26-0x0000000000400000-0x0000000001C28000-memory.dmp

    Filesize

    24.2MB

    Download

  • memory/1084-25-0x0000000000400000-0x0000000001C28000-memory.dmp

    Filesize

    24.2MB

    Download

  • memory/1084-17-0x0000000000400000-0x0000000001C28000-memory.dmp

    Filesize

    24.2MB

    Download

  • memory/1084-23-0x0000000000400000-0x0000000001C28000-memory.dmp

    Filesize

    24.2MB

    Download

  • memory/1084-19-0x0000000000400000-0x0000000001C28000-memory.dmp

    Filesize

    24.2MB

    Download

  • memory/1084-20-0x0000000000400000-0x0000000001C28000-memory.dmp

    Filesize

    24.2MB

    Download

  • memory/1704-4-0x0000000000400000-0x0000000001C28000-memory.dmp

    Filesize

    24.2MB

    Download

  • memory/1704-0-0x0000000000400000-0x0000000001C28000-memory.dmp

    Filesize

    24.2MB

    Download

  • memory/1704-15-0x0000000000400000-0x0000000001C28000-memory.dmp

    Filesize

    24.2MB

    Download

  • memory/1704-1-0x0000000000400000-0x0000000001C28000-memory.dmp

    Filesize

    24.2MB

    Download

  • memory/1704-2-0x0000000000400000-0x0000000001C28000-memory.dmp

    Filesize

    24.2MB

    Download

  • memory/1704-3-0x0000000000400000-0x0000000001C28000-memory.dmp

    Filesize

    24.2MB

    Download