Overview

overview

7

Static

static

1

d85933abc3...49.exe

windows7-x64

7

d85933abc3...49.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2023, 07:40

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d85933abc3f925d424c445f6a31298f19d754e8f00f98bcd5130f887ee8a2f49.exe

  • Size

    4.8MB

  • MD5

    50e2b4da1e5c8bfa605a9430afb17831

  • SHA1

    0fe3030d0b9b8905d102951f22dca196f5f8a65e

  • SHA256

    d85933abc3f925d424c445f6a31298f19d754e8f00f98bcd5130f887ee8a2f49

  • SHA512

    a2b50241bf237cc286aa05f975805cd7f849720266ac6a265523ab4e425761b4423cc0819d78bbbee57107608ebfa9a06578d371714afaebb75b423b746677aa

  • SSDEEP

    98304:uuTknSMXcTwCFmgcwOhOJ3idIR9/oj9ghi1RebM390bYVGPk6AFCK6MP1e62mqCp:RMXcK4H/ojD390bYVGPk6JK6Mg65rvb5

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d85933abc3f925d424c445f6a31298f19d754e8f00f98bcd5130f887ee8a2f49.exe
    "C:\Users\Admin\AppData\Local\Temp\d85933abc3f925d424c445f6a31298f19d754e8f00f98bcd5130f887ee8a2f49.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:812
    • C:\Users\Public\Videos\Oxt8aOT.exe
      "C:\Users\Public\Videos\Oxt8aOT.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1616
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c echo.>c:\xxxx.ini
        3⤵
          PID:2988

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\_ir_tu2_temp_0\IRIMG3.JPG
            Filesize

            6KB

            MD5

            e39405e85e09f64ccde0f59392317dd3

            SHA1

            9c76db4b3d8c7972e7995ecfb1e3c47ee94fd14b

            SHA256

            cfd9677e1c0e10b1507f520c4ecd40f68db78154c0d4e6563403d540f3bf829f

            SHA512

            6733f330145b48d23c023c664090f4f240e9bbeb8368b486c8ee8682ec6a930b73275e24075648d1aa7e01db1ec7b7e259286917a006ba9af8fb7cba3439070a

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_ir_tu2_temp_0\IRIMG4.JPG
            Filesize

            36KB

            MD5

            f6bf82a293b69aa5b47d4e2de305d45a

            SHA1

            4948716616d4bbe68be2b4c5bf95350402d3f96f

            SHA256

            6a9368cdd7b3ff9b590e206c3536569bc45c338966d0059784959f73fe6281e0

            SHA512

            edf0f3ee60a620cf886184c1014f38d0505aac9e3703d61d7074cfb27d6922f80e570d1a3891593606a09f1296a88c8770445761c11c390a99a5341ee56478aa

            Download Submit

          • C:\Users\Public\Videos\Edge.jpg
            Filesize

            358KB

            MD5

            1c3eb40185be89b621a0ef91bde75c49

            SHA1

            3b799c983725212140363dc02be8eadc9471e099

            SHA256

            44953fe8dd58f8a555b0a5b69ae6f52a379ad3ee376959ba383d5c53c2b71d30

            SHA512

            69564b78b13e594a13eee1500e8cc76d2d685fba5dcf312a59e95d3694dfcae63a0145801be011250a3cf941a4895790c57601aaab0246f7c043a1365b477525

            Download Submit

          • C:\Users\Public\Videos\Oxt8aOT.dat
            Filesize

            132KB

            MD5

            220898362d157d42fa15b4e002327398

            SHA1

            d8b23044a03ba4d1ca3fe493ed910154833b28e2

            SHA256

            2f3dbb1779ff11ea887f57a38fab23593fc707319eefb3df90abfdf8131f5e77

            SHA512

            432fcbd36c3b220258bc2c2a7086f5f6c8da8896db69316fa50f0046601182c33b7edb6e3f6ab80905034cb39021ac3ba094a63d90b00aa3ddc0dd4186192e0f

            Download Submit

          • C:\Users\Public\Videos\Oxt8aOT.exe
            Filesize

            529KB

            MD5

            49d595ab380b7c7a4cd6916eeb4dfe6f

            SHA1

            b84649fce92cc0e7a4d25599cc15ffaf312edc0b

            SHA256

            207d856a56e97f2fdab243742f0cfcd1ba8b5814dc65b3798e54d022ce719661

            SHA512

            d00ed0d9baae96ccbaf1262b4a4aaf4468e4ace6cebcea81e74d830bf414d9bc61068b8fb0eefa742add14aec47284f3adc11be26c8b8d66bfae4c498f2a4110

            Download Submit

          • C:\Users\Public\Videos\Oxt8aOT.exe
            Filesize

            529KB

            MD5

            49d595ab380b7c7a4cd6916eeb4dfe6f

            SHA1

            b84649fce92cc0e7a4d25599cc15ffaf312edc0b

            SHA256

            207d856a56e97f2fdab243742f0cfcd1ba8b5814dc65b3798e54d022ce719661

            SHA512

            d00ed0d9baae96ccbaf1262b4a4aaf4468e4ace6cebcea81e74d830bf414d9bc61068b8fb0eefa742add14aec47284f3adc11be26c8b8d66bfae4c498f2a4110

            Download Submit

          • C:\Users\Public\Videos\edge.xml
            Filesize

            53KB

            MD5

            03eff03dfecb7fb609f476b0eeb7d6eb

            SHA1

            005b562d230ceca0a9342ae559706066c57a900b

            SHA256

            cbec966002a6c8dbd2eb972ed517aeb86af6b06df64cd55c6b0da40583ad53fb

            SHA512

            b66049b1fb69885f685457aefb296c3c1ab36daa725b59a8de80b7c2eae00e7b9957ea03ee5f64c9f8ad46941217abb0137c9c4d77b2b91b68dbf31199a4c88f

            Download Submit

          • \Users\Public\Videos\Oxt8aOT.exe
            Filesize

            529KB

            MD5

            49d595ab380b7c7a4cd6916eeb4dfe6f

            SHA1

            b84649fce92cc0e7a4d25599cc15ffaf312edc0b

            SHA256

            207d856a56e97f2fdab243742f0cfcd1ba8b5814dc65b3798e54d022ce719661

            SHA512

            d00ed0d9baae96ccbaf1262b4a4aaf4468e4ace6cebcea81e74d830bf414d9bc61068b8fb0eefa742add14aec47284f3adc11be26c8b8d66bfae4c498f2a4110

            Download Submit

          • \Users\Public\Videos\Oxt8aOT.exe
            Filesize

            529KB

            MD5

            49d595ab380b7c7a4cd6916eeb4dfe6f

            SHA1

            b84649fce92cc0e7a4d25599cc15ffaf312edc0b

            SHA256

            207d856a56e97f2fdab243742f0cfcd1ba8b5814dc65b3798e54d022ce719661

            SHA512

            d00ed0d9baae96ccbaf1262b4a4aaf4468e4ace6cebcea81e74d830bf414d9bc61068b8fb0eefa742add14aec47284f3adc11be26c8b8d66bfae4c498f2a4110

            Download Submit

          • \Users\Public\Videos\Oxt8aOT.exe
            Filesize

            529KB

            MD5

            49d595ab380b7c7a4cd6916eeb4dfe6f

            SHA1

            b84649fce92cc0e7a4d25599cc15ffaf312edc0b

            SHA256

            207d856a56e97f2fdab243742f0cfcd1ba8b5814dc65b3798e54d022ce719661

            SHA512

            d00ed0d9baae96ccbaf1262b4a4aaf4468e4ace6cebcea81e74d830bf414d9bc61068b8fb0eefa742add14aec47284f3adc11be26c8b8d66bfae4c498f2a4110

            Download Submit

          • \Users\Public\Videos\Oxt8aOT.exe
            Filesize

            529KB

            MD5

            49d595ab380b7c7a4cd6916eeb4dfe6f

            SHA1

            b84649fce92cc0e7a4d25599cc15ffaf312edc0b

            SHA256

            207d856a56e97f2fdab243742f0cfcd1ba8b5814dc65b3798e54d022ce719661

            SHA512

            d00ed0d9baae96ccbaf1262b4a4aaf4468e4ace6cebcea81e74d830bf414d9bc61068b8fb0eefa742add14aec47284f3adc11be26c8b8d66bfae4c498f2a4110

            Download Submit

          • memory/812-7-0x0000000003FC0000-0x0000000004118000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/1616-18-0x0000000000400000-0x0000000000558000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/1616-43-0x00000000003E0000-0x00000000003E1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1616-46-0x0000000002040000-0x0000000002052000-memory.dmp

            Filesize

            72KB

            Download

          • memory/1616-48-0x0000000010000000-0x0000000010061000-memory.dmp

            Filesize

            388KB

            Download

          • memory/1616-59-0x0000000000400000-0x0000000000558000-memory.dmp

            Filesize

            1.3MB

            Download