Overview

overview

7

Static

static

7

d00deb575c...1f.exe

windows7-x64

7

d00deb575c...1f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2023, 17:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d00deb575cb3dca2ff0c8760448e3f1f.exe

  • Size

    34KB

  • MD5

    d00deb575cb3dca2ff0c8760448e3f1f

  • SHA1

    aee326c5cc79fffbe86cfdb2ee8b98cc9e051d2b

  • SHA256

    9dd8fd5cc5fe7498c5ac4e1c7c46117555f245360f0792e2a18d39b0eb9244a7

  • SHA512

    d6595623c9d71d9314eda21c5e201791b363f04d8541a1f74036588a0c1a430067118482a63205112645bdeae0ad440dbd9e80a5dfeea1baa7b758a51fa7500b

  • SSDEEP

    768:pwy7luXqnKZ3URe/cqhVnjBsuC1bfeFb1RbfrFFz:aypnKZ3Ulchtsl1bfw/frFd

Score
7/10
persistenceupx

Malware Config

Signatures

  • UPX packed file 12 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d00deb575cb3dca2ff0c8760448e3f1f.exe
    "C:\Users\Admin\AppData\Local\Temp\d00deb575cb3dca2ff0c8760448e3f1f.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Drops file in Windows directory
    PID:2172

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\tmpCD01.tmp
          Filesize

          34KB

          MD5

          a618cc1f0f4f14a3886f0073cc80026d

          SHA1

          7b649201e94318919a451cc9cf0a84be0c56a258

          SHA256

          ea6c13b855a9cb1cf5a4f40b84ab6d73b085de31071a93d3b1ba8587973445c2

          SHA512

          81ec2189f2ed578029e9e5b6fe5f7b3324a30b09bb25647a7ba82d4072898a890bfae078144f30676b7a07629419ff883f9d2aa4a0800e13d9759def948ab30e

          Download Submit

        • memory/2172-0-0x0000000000800000-0x000000000080E200-memory.dmp

          Filesize

          56KB

          Download

        • memory/2172-3-0x0000000000800000-0x000000000080E200-memory.dmp

          Filesize

          56KB

          Download

        • memory/2172-5-0x0000000000800000-0x000000000080E200-memory.dmp

          Filesize

          56KB

          Download

        • memory/2172-7-0x0000000000800000-0x000000000080E200-memory.dmp

          Filesize

          56KB

          Download

        • memory/2172-9-0x0000000000800000-0x000000000080E200-memory.dmp

          Filesize

          56KB

          Download

        • memory/2172-11-0x0000000000800000-0x000000000080E200-memory.dmp

          Filesize

          56KB

          Download

        • memory/2172-90-0x0000000000800000-0x000000000080E200-memory.dmp

          Filesize

          56KB

          Download

        • memory/2172-146-0x0000000000800000-0x000000000080E200-memory.dmp

          Filesize

          56KB

          Download

        • memory/2172-147-0x0000000000800000-0x000000000080E200-memory.dmp

          Filesize

          56KB

          Download

        • memory/2172-148-0x0000000000800000-0x000000000080E200-memory.dmp

          Filesize

          56KB

          Download

        • memory/2172-170-0x0000000000800000-0x000000000080E200-memory.dmp

          Filesize

          56KB

          Download