Overview

overview

7

Static

static

7

77e888b635...a8.exe

windows7-x64

7

77e888b635...a8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    02/11/2023, 16:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    77e888b6353908cd41d40440d832a94068970063f736d73dc1af6e41a50816a8.exe

  • Size

    180KB

  • MD5

    d6fb7f2051e7d45bdf18f3051c66aef8

  • SHA1

    8f922a11a351e56d5fdf362427a7bf7bb5f56a7f

  • SHA256

    77e888b6353908cd41d40440d832a94068970063f736d73dc1af6e41a50816a8

  • SHA512

    be0a954279f9e09557b55091b9fdaa4818af6129ac43e70260afd54cf887e5cde3d6403940fe913bae6680b5de221b270e83f35c109507190340f58b3e2beda2

  • SSDEEP

    3072:IyrN/sVywaEj1Us10nf8gs7A4gdqyn8QXytdNnP7oyYDohh10C7iQD:Nh9wv1UvUg93dtXedSehheC7d

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies WinLogon 2 TTPs 15 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Modifies registry class 38 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\77e888b6353908cd41d40440d832a94068970063f736d73dc1af6e41a50816a8.exe
    "C:\Users\Admin\AppData\Local\Temp\77e888b6353908cd41d40440d832a94068970063f736d73dc1af6e41a50816a8.exe"
    1⤵
    • Modifies WinLogon
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:2432
  • C:\Windows\SysWOW64\lcss.exe
    C:\Windows\SysWOW64\lcss.exe
    1⤵
    • Executes dropped EXE
    • Modifies WinLogon
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:2600

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\crypto.dll
    Filesize

    162KB

    MD5

    27084f6c8667078431005226eed1bf37

    SHA1

    e3f7e6607c25af28453ccccc3b73be5f1bc136c4

    SHA256

    039c80cc18776f440a5227d1d568738256c17edf6fbb400038ce3c466162e263

    SHA512

    06307f01256862836fee3c3a3b13ccc2808b8af7706a4cf117f163cb567f89e99def83f3eac421e772b20c62623c16cf94ba56a2d4c5c784ef1c6c9d9d930d67

    Download Submit

  • C:\Windows\SysWOW64\lcss.exe
    Filesize

    189KB

    MD5

    3a1bf11518a37d1fb98cc6f5936a3565

    SHA1

    b895772696540b24a2df8dcdfc7ae25670d200c0

    SHA256

    a43a756e767ca8201e6b71b034b73b5dcfbca566d684bbb7288372eba1dbf4a7

    SHA512

    6486aa86cec8c87e5d90067c0bbb46887fda25b8253b0813272471ec42285f896b778f66fc229323dd6a49a16eaffacb4cc1deaec6700676d2f39b2d3b706a42

    Download Submit

  • C:\Windows\SysWOW64\lcss.exe
    Filesize

    189KB

    MD5

    3a1bf11518a37d1fb98cc6f5936a3565

    SHA1

    b895772696540b24a2df8dcdfc7ae25670d200c0

    SHA256

    a43a756e767ca8201e6b71b034b73b5dcfbca566d684bbb7288372eba1dbf4a7

    SHA512

    6486aa86cec8c87e5d90067c0bbb46887fda25b8253b0813272471ec42285f896b778f66fc229323dd6a49a16eaffacb4cc1deaec6700676d2f39b2d3b706a42

    Download Submit

  • C:\Windows\SysWOW64\lcss.exe
    Filesize

    189KB

    MD5

    3a1bf11518a37d1fb98cc6f5936a3565

    SHA1

    b895772696540b24a2df8dcdfc7ae25670d200c0

    SHA256

    a43a756e767ca8201e6b71b034b73b5dcfbca566d684bbb7288372eba1dbf4a7

    SHA512

    6486aa86cec8c87e5d90067c0bbb46887fda25b8253b0813272471ec42285f896b778f66fc229323dd6a49a16eaffacb4cc1deaec6700676d2f39b2d3b706a42

    Download Submit

  • C:\Windows\SysWOW64\net.cpl
    Filesize

    205KB

    MD5

    b7bc501375799f263519bfa7cc99dd3e

    SHA1

    57f12e174903ad36f879a5eb9ff51cf026a6d22f

    SHA256

    6084b36bf2b1b5fbc8a8537c457e954a63b1149189993cfe15838677686b0fd8

    SHA512

    82d1e9a5f6c94060ba2044c2dbd85767066d4ac4875969277b353ac41600f8017e2623db2d0445ff89d0f06400ae3d5e151151e02ca63310c387b2a339513636

    Download Submit

  • C:\Windows\SysWOW64\net.cpl
    Filesize

    205KB

    MD5

    b7bc501375799f263519bfa7cc99dd3e

    SHA1

    57f12e174903ad36f879a5eb9ff51cf026a6d22f

    SHA256

    6084b36bf2b1b5fbc8a8537c457e954a63b1149189993cfe15838677686b0fd8

    SHA512

    82d1e9a5f6c94060ba2044c2dbd85767066d4ac4875969277b353ac41600f8017e2623db2d0445ff89d0f06400ae3d5e151151e02ca63310c387b2a339513636

    Download Submit

  • C:\Windows\SysWOW64\wlogon.dll
    Filesize

    204KB

    MD5

    9e062c1f141bc70f1c11457f5c4b1862

    SHA1

    767f405c4acad599d56ea9dce68bc56a3b0c42f5

    SHA256

    97b77f993b3332d354c6238d04e87e9fae3009e6339333bbbc647e8aa4f44ce3

    SHA512

    613dcb2e1a30ac01d3210409bace7e42b7a77bc319fa67ded595fa3d71d38f31fb70a5f31aa5045fa36214c0554f7794cf8bf79c930cd54c6f51549f447eefbd

    Download Submit

  • memory/2432-0-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2432-30-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2600-31-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download