Overview

overview

7

Static

static

1

219328445b...8e.exe

windows7-x64

7

219328445b...8e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    31-10-2023 06:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    219328445b7544f4fe594a6b5bf4f152f844275d8321c1aa3ce24586d29bd88e.exe

  • Size

    3.9MB

  • MD5

    babdcce1b0e5f50ee63534e1aec3c7eb

  • SHA1

    63d75ca0e99c27c0050e7675b9965bf6f263622e

  • SHA256

    219328445b7544f4fe594a6b5bf4f152f844275d8321c1aa3ce24586d29bd88e

  • SHA512

    656df26d44902cdd65d7be2fa1453c5c3d83e43864afc0195640a856c1d4617a7a509f039c972b4fb5ba99d59d49bcb781265f7c91f05eb1200655471653a674

  • SSDEEP

    49152:MwAoUvqHIhXjEK9lLYYckreBHUHc2E1EelrdeMgmJmZ+:9ArFhoKdr1lexTgmJX

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\219328445b7544f4fe594a6b5bf4f152f844275d8321c1aa3ce24586d29bd88e.exe
    "C:\Users\Admin\AppData\Local\Temp\219328445b7544f4fe594a6b5bf4f152f844275d8321c1aa3ce24586d29bd88e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1928
    • C:\Users\Public\Downloads\H5yPdGnL\9itPzIUc.exe
      C:\Users\Public\Downloads\H5yPdGnL\9itPzIUc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2152
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c echo.>c:\xxxx.ini
        3⤵
          PID:2592

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_ir_tu2_temp_0\IRIMG3.JPG
      Filesize

      6KB

      MD5

      e39405e85e09f64ccde0f59392317dd3

      SHA1

      9c76db4b3d8c7972e7995ecfb1e3c47ee94fd14b

      SHA256

      cfd9677e1c0e10b1507f520c4ecd40f68db78154c0d4e6563403d540f3bf829f

      SHA512

      6733f330145b48d23c023c664090f4f240e9bbeb8368b486c8ee8682ec6a930b73275e24075648d1aa7e01db1ec7b7e259286917a006ba9af8fb7cba3439070a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_ir_tu2_temp_0\IRIMG4.JPG
      Filesize

      36KB

      MD5

      f6bf82a293b69aa5b47d4e2de305d45a

      SHA1

      4948716616d4bbe68be2b4c5bf95350402d3f96f

      SHA256

      6a9368cdd7b3ff9b590e206c3536569bc45c338966d0059784959f73fe6281e0

      SHA512

      edf0f3ee60a620cf886184c1014f38d0505aac9e3703d61d7074cfb27d6922f80e570d1a3891593606a09f1296a88c8770445761c11c390a99a5341ee56478aa

      Download Submit

    • C:\Users\Public\Downloads\H5yPdGnL\9itPzIUc.dat
      Filesize

      132KB

      MD5

      b8fb581c332ae3bf6572852a3e5395a6

      SHA1

      8f12dfc5e2cd67fe4c7e714b5f08fccdc374857e

      SHA256

      fc6614be70309363c14bad1ad4a56c1a9336b0e5e4b0e54ca1737821cc5b72a8

      SHA512

      c7fc3942f5fea3e278ffb7a2c547f0bcc6ed0d0c88eb1bbd66fc5763494de775c98932bd8c641e99f5383e16b65b4d46721887287af5b15164ae91892d223208

      Download Submit

    • C:\Users\Public\Downloads\H5yPdGnL\9itPzIUc.exe
      Filesize

      525KB

      MD5

      b26dbb58b5f59adc48d8186f0098adb2

      SHA1

      a9234b5a0d214556fa1aba86f660c89e9e43664c

      SHA256

      b5e36616c274fd0ce6aed41857c61d1192d6c206a7743900fd4600285fbc35e0

      SHA512

      3566ad968b45759f66fd2d1b2bbbb688a61d591ec33434862ffc5ee6ed3aaed01712a2ddfdad6adb563b1cd78dae97483528bf137f27006817f81cfc30c687cc

      Download Submit

    • C:\Users\Public\Downloads\H5yPdGnL\Edge.jpg
      Filesize

      358KB

      MD5

      d0f9bde630bf8fa252de424ec7aff3d5

      SHA1

      42d9b1e493fb9d14684a425c91c5873a4089f08a

      SHA256

      5c932f9a944d1c6854f874db951d38e393ab0f635975d959b2e9379b399ae717

      SHA512

      f80abe55b1d9bd8465e9c0cf61487cc86a33e8407c4171b5a06733fbd8a6252043638ebfe69bb15950e1dbcf72373c6df9399ddf5c3c1addb3652c6d977ced74

      Download Submit

    • C:\Users\Public\Downloads\H5yPdGnL\edge.xml
      Filesize

      53KB

      MD5

      7a74f494b9b05c47ef8a207a5166b071

      SHA1

      c132a44fa5e8198fbfee2f2fb9f017ce6b9dae9d

      SHA256

      b330da238a51e403cea46dcc060476c93e2e215b7289cec5c1e01bb317181e22

      SHA512

      75414f24a8cb494b57729514acd657c2cc1a207d5efa079518aba2d87408495d8187e038555c8c8cd38218b577640f6f29a6868789611e9ab14c168e1968a943

      Download Submit

    • \Users\Public\Downloads\H5yPdGnL\9itPzIUc.exe
      Filesize

      525KB

      MD5

      b26dbb58b5f59adc48d8186f0098adb2

      SHA1

      a9234b5a0d214556fa1aba86f660c89e9e43664c

      SHA256

      b5e36616c274fd0ce6aed41857c61d1192d6c206a7743900fd4600285fbc35e0

      SHA512

      3566ad968b45759f66fd2d1b2bbbb688a61d591ec33434862ffc5ee6ed3aaed01712a2ddfdad6adb563b1cd78dae97483528bf137f27006817f81cfc30c687cc

      Download Submit

    • memory/1928-6-0x000000002AED0000-0x000000002B028000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2152-9-0x0000000000400000-0x0000000000558000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2152-31-0x0000000002030000-0x0000000002031000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2152-34-0x0000000002290000-0x00000000022A2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2152-36-0x0000000010000000-0x0000000010061000-memory.dmp

      Filesize

      388KB

      Download

    • memory/2152-47-0x0000000000400000-0x0000000000558000-memory.dmp

      Filesize

      1.3MB

      Download