Overview

overview

7

Static

static

7

SarangUpdate.exe

windows7-x64

7

SarangUpdate.exe

windows10-2004-x64

7

serviceUpdate.exe

windows7-x64

7

serviceUpdate.exe

windows10-2004-x64

7

Resubmissions

20/11/2023, 02:36

231120-c3z3hsec4v 7

Analysis

  • max time kernel
    119s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/11/2023, 02:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    serviceUpdate.exe

  • Size

    475KB

  • MD5

    e79f996b69d7fa546ed9235fdc0ee06d

  • SHA1

    b1616a455947ef3f29a4b5afdeda99369fc20bf8

  • SHA256

    ec7fcd3f4533d3514a9a42cbc41c40358eea47255bab1171146a5ccebaf20990

  • SHA512

    c0fd12425188d81be78be91facace2a036b81e29ffe4fde13b613a40bc20b39c656f1e0d91542b87973ffd2bc44e05b0354ecb1a488d391ee68f48cf43b44cf6

  • SSDEEP

    12288:QNrhTLpMP+R+QDCfA832AtBYmz6af0F7Z1QVjSOsJbc:QthTiP+ffCfB5Lf0F7Z1EDsBc

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\serviceUpdate.exe
    "C:\Users\Admin\AppData\Local\Temp\serviceUpdate.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1984

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_ir_tu2_temp_0\IRIMG2.JPG
    Filesize

    6KB

    MD5

    e39405e85e09f64ccde0f59392317dd3

    SHA1

    9c76db4b3d8c7972e7995ecfb1e3c47ee94fd14b

    SHA256

    cfd9677e1c0e10b1507f520c4ecd40f68db78154c0d4e6563403d540f3bf829f

    SHA512

    6733f330145b48d23c023c664090f4f240e9bbeb8368b486c8ee8682ec6a930b73275e24075648d1aa7e01db1ec7b7e259286917a006ba9af8fb7cba3439070a

    Download Submit

  • memory/1984-0-0x0000000000400000-0x000000000053F000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1984-18-0x0000000003550000-0x0000000003552000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1984-19-0x0000000010000000-0x0000000010004000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1984-23-0x0000000000400000-0x000000000053F000-memory.dmp

    Filesize

    1.2MB

    Download