Overview

overview

7

Static

static

7

7dd765386a...30.exe

windows7-x64

7

7dd765386a...30.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/11/2023, 12:07

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7dd765386af586ae7385d5bdf14e9c066c4eb308c9020bcca3ef30e9b6732730.exe

  • Size

    1.1MB

  • MD5

    282923ebd90fa11cf4d2c3fa07a6d16c

  • SHA1

    1f319b99341a61b2d46293df8ef317db7a9f0626

  • SHA256

    7dd765386af586ae7385d5bdf14e9c066c4eb308c9020bcca3ef30e9b6732730

  • SHA512

    2d7e6186c888ee4b2c894510fba64240818c5d3470b003fcc2bfe8dd18d2e675b6499d83e7bf79a57d18f2786df20356f0dcd17fa27a9fed27072df63bb6ea6a

  • SSDEEP

    12288:ZEmC92VnpahSR7BwkASR49lkQHMIWnDp2f47z4PUUhyVb4yDKUgM03qcmT1Pd2Ks:ZEF96C6BwkP2lsl8fEQemdM03zmT1Pi

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 5 IoCs
  • Drops file in Windows directory 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7dd765386af586ae7385d5bdf14e9c066c4eb308c9020bcca3ef30e9b6732730.exe
    "C:\Users\Admin\AppData\Local\Temp\7dd765386af586ae7385d5bdf14e9c066c4eb308c9020bcca3ef30e9b6732730.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4224
    • C:\Windows\SysWOW64\edpnotify.exe
      "C:\Windows\SysWOW64\edpnotify.exe"
      2⤵
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4864
      • C:\Windows\SysWOW64\notepad.exe
        "C:\Windows\SysWOW64\notepad.exe"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4464
        • C:\Windows\SysWOW64\EhStorAuthn.exe
          "C:\Windows\SysWOW64\EhStorAuthn.exe"
          4⤵
          • Drops file in System32 directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:4840
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\7DD765~1.EXE > nul
      2⤵
        PID:2012

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\WindowRedSystem178.log
            Filesize

            8KB

            MD5

            efcd9b07ab95023dd14cce89cb0c1c6a

            SHA1

            fdd36802e9db16757b802c2b8b1640260ac497f4

            SHA256

            d435aa5ad2109a62a52cb91891afcf7ef968196ea2d79d450522363ef35b9019

            SHA512

            83e80ba2fe94da585f25672ad56771091d942df11272cfac1e172f919f857a2f2a3b975a3f50e01ef833924171e76833bee7b1c3d53bb093fd7f19db0cc12845

            Download Submit

          • C:\Windows\WindowSystemNewUpdate702.log
            Filesize

            7KB

            MD5

            1f820636bc02af868f420d1ddf3fe39f

            SHA1

            c459dd408fa2fd1e7b5716a34621436f2eacf83b

            SHA256

            6366a17514ad4933812456367d111b029b30d55979fc8c50f3582790ad290145

            SHA512

            d8e362db996043045baba3cc3b72d0ca70c0ec0152f7bff9a8161f93eeb6c972f3f2d94adfd74ca1f7aa57d6acc15181d9675d11d76e08792b6c5501d6fcfe31

            Download Submit

          • memory/4224-39-0x00000000002E0000-0x000000000041C000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4224-37-0x00000000002E0000-0x000000000041C000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4224-0-0x00000000002E0000-0x000000000041C000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4464-142-0x00000000005E0000-0x00000000005FF000-memory.dmp

            Filesize

            124KB

            Download

          • memory/4464-146-0x0000000002460000-0x0000000002484000-memory.dmp

            Filesize

            144KB

            Download

          • memory/4464-171-0x0000000002460000-0x0000000002484000-memory.dmp

            Filesize

            144KB

            Download

          • memory/4840-193-0x0000000010000000-0x00000000105C1000-memory.dmp

            Filesize

            5.8MB

            Download

          • memory/4840-176-0x0000000000E00000-0x00000000013CC000-memory.dmp

            Filesize

            5.8MB

            Download

          • memory/4840-177-0x00000000017F0000-0x000000000180B000-memory.dmp

            Filesize

            108KB

            Download

          • memory/4840-191-0x0000000010000000-0x00000000105C1000-memory.dmp

            Filesize

            5.8MB

            Download

          • memory/4840-290-0x0000000010000000-0x00000000105C1000-memory.dmp

            Filesize

            5.8MB

            Download

          • memory/4864-41-0x0000000010000000-0x00000000100FD000-memory.dmp

            Filesize

            1012KB

            Download

          • memory/4864-59-0x0000000003C40000-0x0000000003FA8000-memory.dmp

            Filesize

            3.4MB

            Download

          • memory/4864-31-0x0000000010000000-0x00000000100FD000-memory.dmp

            Filesize

            1012KB

            Download

          • memory/4864-32-0x0000000010000000-0x00000000100FD000-memory.dmp

            Filesize

            1012KB

            Download

          • memory/4864-33-0x0000000010000000-0x00000000100FD000-memory.dmp

            Filesize

            1012KB

            Download

          • memory/4864-36-0x0000000010000000-0x00000000100FD000-memory.dmp

            Filesize

            1012KB

            Download

          • memory/4864-28-0x0000000010000000-0x00000000100FD000-memory.dmp

            Filesize

            1012KB

            Download

          • memory/4864-27-0x0000000010000000-0x00000000100FD000-memory.dmp

            Filesize

            1012KB

            Download

          • memory/4864-40-0x0000000010000000-0x00000000100FD000-memory.dmp

            Filesize

            1012KB

            Download

          • memory/4864-25-0x0000000010000000-0x00000000100FD000-memory.dmp

            Filesize

            1012KB

            Download

          • memory/4864-43-0x0000000010000000-0x00000000100FD000-memory.dmp

            Filesize

            1012KB

            Download

          • memory/4864-44-0x0000000003210000-0x000000000331F000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/4864-52-0x0000000003210000-0x000000000331F000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/4864-55-0x0000000003210000-0x000000000331F000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/4864-56-0x0000000010000000-0x00000000100FD000-memory.dmp

            Filesize

            1012KB

            Download

          • memory/4864-63-0x0000000003210000-0x000000000331F000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/4864-68-0x0000000010000000-0x00000000100FD000-memory.dmp

            Filesize

            1012KB

            Download

          • memory/4864-30-0x0000000010000000-0x00000000100FD000-memory.dmp

            Filesize

            1012KB

            Download

          • memory/4864-58-0x0000000003210000-0x000000000331F000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/4864-71-0x0000000003580000-0x00000000035B8000-memory.dmp

            Filesize

            224KB

            Download

          • memory/4864-70-0x00000000046A0000-0x00000000049E3000-memory.dmp

            Filesize

            3.3MB

            Download

          • memory/4864-118-0x0000000006190000-0x00000000064D2000-memory.dmp

            Filesize

            3.3MB

            Download

          • memory/4864-22-0x0000000010000000-0x00000000100FD000-memory.dmp

            Filesize

            1012KB

            Download

          • memory/4864-23-0x0000000010000000-0x00000000100FD000-memory.dmp

            Filesize

            1012KB

            Download

          • memory/4864-20-0x0000000010000000-0x00000000100FD000-memory.dmp

            Filesize

            1012KB

            Download

          • memory/4864-19-0x0000000010000000-0x00000000100FD000-memory.dmp

            Filesize

            1012KB

            Download

          • memory/4864-17-0x0000000010000000-0x00000000100FD000-memory.dmp

            Filesize

            1012KB

            Download

          • memory/4864-8-0x0000000010000000-0x00000000100FD000-memory.dmp

            Filesize

            1012KB

            Download

          • memory/4864-7-0x00000000009B0000-0x00000000009CB000-memory.dmp

            Filesize

            108KB

            Download

          • memory/4864-5-0x00000000009B0000-0x00000000009CB000-memory.dmp

            Filesize

            108KB

            Download

          • memory/4864-274-0x0000000003210000-0x000000000331F000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/4864-3-0x00000000009B0000-0x00000000009CB000-memory.dmp

            Filesize

            108KB

            Download

          • memory/4864-279-0x0000000006190000-0x00000000064D2000-memory.dmp

            Filesize

            3.3MB

            Download

          • memory/4864-2-0x0000000000730000-0x000000000083D000-memory.dmp

            Filesize

            1.1MB

            Download