Overview

overview

7

Static

static

3

b5d87e2b88...99.exe

windows7-x64

7

b5d87e2b88...99.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 08:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b5d87e2b885d42e48ebc02e710967afb9c25e126f7f78b97fecc27a2fca05e99.exe

  • Size

    6.7MB

  • MD5

    c5e1e873a0d37c97791019b3179ab5e7

  • SHA1

    c4ec77350137fb431b0e26ec8440fce2be7b979c

  • SHA256

    b5d87e2b885d42e48ebc02e710967afb9c25e126f7f78b97fecc27a2fca05e99

  • SHA512

    b6b3aa02ca4ab6be72b75cb66095704b6e5d78ff3ff48f08602e636620eea012f605351c88afae3c6233e3283c1f3dbb701633f15b8e4e56caa435a3ccc18f73

  • SSDEEP

    98304:bE+alFbLmq8SbbuPlVJuHGj02nCaeKV8gIJBAUZL2C+:b1qL8lCG42deKS/JVo

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b5d87e2b885d42e48ebc02e710967afb9c25e126f7f78b97fecc27a2fca05e99.exe
    "C:\Users\Admin\AppData\Local\Temp\b5d87e2b885d42e48ebc02e710967afb9c25e126f7f78b97fecc27a2fca05e99.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1280
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c echo y|cacls C:\Users\Admin\AppData\Local\Temp\patcher\server\serverlist.txt /t /p everyone:f
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:268
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /S /D /c" echo y"
        3⤵
          PID:2344
        • C:\Windows\SysWOW64\cacls.exe
          cacls C:\Users\Admin\AppData\Local\Temp\patcher\server\serverlist.txt /t /p everyone:f
          3⤵
            PID:4900

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1280-1-0x00000000037F0000-0x0000000003814000-memory.dmp

        Filesize

        144KB

        Download

      • memory/1280-2-0x0000000000400000-0x0000000000B1C000-memory.dmp

        Filesize

        7.1MB

        Download

      • memory/1280-3-0x0000000000400000-0x0000000000B1C000-memory.dmp

        Filesize

        7.1MB

        Download

      • memory/1280-4-0x0000000000400000-0x0000000000B1C000-memory.dmp

        Filesize

        7.1MB

        Download

      • memory/1280-5-0x0000000076FC0000-0x00000000770B0000-memory.dmp

        Filesize

        960KB

        Download

      • memory/1280-6-0x0000000076FC0000-0x00000000770B0000-memory.dmp

        Filesize

        960KB

        Download

      • memory/1280-8-0x00000000037F0000-0x0000000003814000-memory.dmp

        Filesize

        144KB

        Download

      • memory/1280-9-0x0000000000400000-0x0000000000B1C000-memory.dmp

        Filesize

        7.1MB

        Download

      • memory/1280-10-0x0000000000400000-0x0000000000B1C000-memory.dmp

        Filesize

        7.1MB

        Download

      • memory/1280-11-0x0000000076FC0000-0x00000000770B0000-memory.dmp

        Filesize

        960KB

        Download