Overview

overview

7

Static

static

3

2dc9c5ca9b...c9.exe

windows7-x64

7

2dc9c5ca9b...c9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    30/10/2023, 22:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2dc9c5ca9b25a2320edec4f0b9f41dc5fb4f1f501d10b54f64f9ef4a18c7a0c9.exe

  • Size

    5.0MB

  • MD5

    488a1f03f48c637d54b83fd2b87cf06b

  • SHA1

    ac557746501f58c849fa33ba2264a774e78d027a

  • SHA256

    2dc9c5ca9b25a2320edec4f0b9f41dc5fb4f1f501d10b54f64f9ef4a18c7a0c9

  • SHA512

    dc4b172247e895be8089a4e2ac24480130e7ce2aef27207e552dcdb9e7fa485a230532b0f7e3fa682bcc90581ca156ebd720071273b338fe5b95d367101feb3d

  • SSDEEP

    98304:GrIFiRY93fvHOHCSRVQcZFoj9ghi1RebM390bYVOQgv1TPLG8ez8E:AtfVojD390bYVsv1zLlegE

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2dc9c5ca9b25a2320edec4f0b9f41dc5fb4f1f501d10b54f64f9ef4a18c7a0c9.exe
    "C:\Users\Admin\AppData\Local\Temp\2dc9c5ca9b25a2320edec4f0b9f41dc5fb4f1f501d10b54f64f9ef4a18c7a0c9.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2456
    • C:\Users\Public\Pictures\c8ctZCc3Q.exe
      "C:\Users\Public\Pictures\c8ctZCc3Q.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2156
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c echo.>c:\xxxx.ini
        3⤵
          PID:2464

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\_ir_tu2_temp_0\IRIMG3.JPG
            Filesize

            6KB

            MD5

            e39405e85e09f64ccde0f59392317dd3

            SHA1

            9c76db4b3d8c7972e7995ecfb1e3c47ee94fd14b

            SHA256

            cfd9677e1c0e10b1507f520c4ecd40f68db78154c0d4e6563403d540f3bf829f

            SHA512

            6733f330145b48d23c023c664090f4f240e9bbeb8368b486c8ee8682ec6a930b73275e24075648d1aa7e01db1ec7b7e259286917a006ba9af8fb7cba3439070a

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_ir_tu2_temp_0\IRIMG4.JPG
            Filesize

            36KB

            MD5

            f6bf82a293b69aa5b47d4e2de305d45a

            SHA1

            4948716616d4bbe68be2b4c5bf95350402d3f96f

            SHA256

            6a9368cdd7b3ff9b590e206c3536569bc45c338966d0059784959f73fe6281e0

            SHA512

            edf0f3ee60a620cf886184c1014f38d0505aac9e3703d61d7074cfb27d6922f80e570d1a3891593606a09f1296a88c8770445761c11c390a99a5341ee56478aa

            Download Submit

          • C:\Users\Public\Pictures\Edge.jpg
            Filesize

            358KB

            MD5

            9d2486c1507e05e256d1f3797761d2e0

            SHA1

            f4d646a2db1ea501843f17c00120af5e6e09891d

            SHA256

            0b1ca5a2b2a699bb24c602caa5504e58d2254d41e0d2c92066c07a26a68248a9

            SHA512

            8cd1603165e3c9f624038dbd5a4ecc990c44195bbab32b62c6ea32a6b70fd54bd094bff2c054371d909c2c48ae86c391f4e115ffd46ff76e84de30c1d8a1e6b2

            Download Submit

          • C:\Users\Public\Pictures\c8ctZCc3Q.dat
            Filesize

            132KB

            MD5

            3fd5eb94b1095a7c3a34c23f0192dda0

            SHA1

            fb1e967f25c27c68d46db90b8a5fded3b87bb993

            SHA256

            47c0a8e4f7ad920d610c4ccbf01289712b3860ebf35c5de6b9fbdf43ffb1eca2

            SHA512

            551f961fe1e436979d76a007e02b0609ea85bb5a7dc860d31f38e27ca613f7fcac731a238410e4170b82bdfd3d7360531c9a4f1fefbeb0af41864407a4e3cc0b

            Download Submit

          • C:\Users\Public\Pictures\c8ctZCc3Q.exe
            Filesize

            529KB

            MD5

            49d595ab380b7c7a4cd6916eeb4dfe6f

            SHA1

            b84649fce92cc0e7a4d25599cc15ffaf312edc0b

            SHA256

            207d856a56e97f2fdab243742f0cfcd1ba8b5814dc65b3798e54d022ce719661

            SHA512

            d00ed0d9baae96ccbaf1262b4a4aaf4468e4ace6cebcea81e74d830bf414d9bc61068b8fb0eefa742add14aec47284f3adc11be26c8b8d66bfae4c498f2a4110

            Download Submit

          • C:\Users\Public\Pictures\c8ctZCc3Q.exe
            Filesize

            529KB

            MD5

            49d595ab380b7c7a4cd6916eeb4dfe6f

            SHA1

            b84649fce92cc0e7a4d25599cc15ffaf312edc0b

            SHA256

            207d856a56e97f2fdab243742f0cfcd1ba8b5814dc65b3798e54d022ce719661

            SHA512

            d00ed0d9baae96ccbaf1262b4a4aaf4468e4ace6cebcea81e74d830bf414d9bc61068b8fb0eefa742add14aec47284f3adc11be26c8b8d66bfae4c498f2a4110

            Download Submit

          • C:\Users\Public\Pictures\edge.xml
            Filesize

            53KB

            MD5

            c41973afde3bb4a456ade1849dc3b65f

            SHA1

            a4443b3ba4d076d03b1f28a4269207e4cf070d4a

            SHA256

            edb8705e2b99e945424472fe142325262408ca97b510fe9044adafdd8aed4f09

            SHA512

            5a26ae4f956aeb9e5b0de8d2ee40c55ab4c77fa5434460827f386fc2b89a43db54a36b0b75f6c2fc8cf52fa7c72edd05de5b5bc846cb9610e9de692ab685af29

            Download Submit

          • \Users\Public\Pictures\c8ctZCc3Q.exe
            Filesize

            529KB

            MD5

            49d595ab380b7c7a4cd6916eeb4dfe6f

            SHA1

            b84649fce92cc0e7a4d25599cc15ffaf312edc0b

            SHA256

            207d856a56e97f2fdab243742f0cfcd1ba8b5814dc65b3798e54d022ce719661

            SHA512

            d00ed0d9baae96ccbaf1262b4a4aaf4468e4ace6cebcea81e74d830bf414d9bc61068b8fb0eefa742add14aec47284f3adc11be26c8b8d66bfae4c498f2a4110

            Download Submit

          • \Users\Public\Pictures\c8ctZCc3Q.exe
            Filesize

            529KB

            MD5

            49d595ab380b7c7a4cd6916eeb4dfe6f

            SHA1

            b84649fce92cc0e7a4d25599cc15ffaf312edc0b

            SHA256

            207d856a56e97f2fdab243742f0cfcd1ba8b5814dc65b3798e54d022ce719661

            SHA512

            d00ed0d9baae96ccbaf1262b4a4aaf4468e4ace6cebcea81e74d830bf414d9bc61068b8fb0eefa742add14aec47284f3adc11be26c8b8d66bfae4c498f2a4110

            Download Submit

          • \Users\Public\Pictures\c8ctZCc3Q.exe
            Filesize

            529KB

            MD5

            49d595ab380b7c7a4cd6916eeb4dfe6f

            SHA1

            b84649fce92cc0e7a4d25599cc15ffaf312edc0b

            SHA256

            207d856a56e97f2fdab243742f0cfcd1ba8b5814dc65b3798e54d022ce719661

            SHA512

            d00ed0d9baae96ccbaf1262b4a4aaf4468e4ace6cebcea81e74d830bf414d9bc61068b8fb0eefa742add14aec47284f3adc11be26c8b8d66bfae4c498f2a4110

            Download Submit

          • \Users\Public\Pictures\c8ctZCc3Q.exe
            Filesize

            529KB

            MD5

            49d595ab380b7c7a4cd6916eeb4dfe6f

            SHA1

            b84649fce92cc0e7a4d25599cc15ffaf312edc0b

            SHA256

            207d856a56e97f2fdab243742f0cfcd1ba8b5814dc65b3798e54d022ce719661

            SHA512

            d00ed0d9baae96ccbaf1262b4a4aaf4468e4ace6cebcea81e74d830bf414d9bc61068b8fb0eefa742add14aec47284f3adc11be26c8b8d66bfae4c498f2a4110

            Download Submit

          • memory/2156-19-0x0000000000400000-0x0000000000558000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/2156-43-0x0000000001F60000-0x0000000001F61000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2156-45-0x00000000022B0000-0x00000000022C2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/2156-48-0x0000000010000000-0x0000000010061000-memory.dmp

            Filesize

            388KB

            Download

          • memory/2156-59-0x0000000000400000-0x0000000000558000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/2456-8-0x0000000003EE0000-0x0000000004038000-memory.dmp

            Filesize

            1.3MB

            Download