Overview

overview

7

Static

static

7

0222794aea...b9.exe

windows7-x64

7

0222794aea...b9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 14:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0222794aea4fb770257b3e9e3f0935b9.exe

  • Size

    591KB

  • MD5

    0222794aea4fb770257b3e9e3f0935b9

  • SHA1

    91670b72550669e6254071834c04e449b1918c6d

  • SHA256

    e8727ddc01dab3c6961d9f3dd569e01ae80600f5f3e9abb1a41631978084c36b

  • SHA512

    c96e25826880f1595ba4c7edbadbbd4bae77bf22b3b190bf8afc8f185fb0a7de55c41105df64a464924d97270235a686ea77e5fdf2b39ee50808cd78489f41f4

  • SSDEEP

    12288:erFbkdvryD1N6oZqiuArohCIOCVNd7zG0WLzCFn7/ewKlGMVHwi0/IH:eJbmrIr6oZ7IVZW0WXw7/ecMqiAE

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • AutoIT Executable 4 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0222794aea4fb770257b3e9e3f0935b9.exe
    "C:\Users\Admin\AppData\Local\Temp\0222794aea4fb770257b3e9e3f0935b9.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /C \\game\command$\setup.bat
      2⤵
        PID:1724
      • C:\Windows\stop.exe
        C:\Windows\stop.exe
        2⤵
        • Executes dropped EXE
        • Suspicious behavior: GetForegroundWindowSpam
        PID:2292

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\stop.exe
      Filesize

      293KB

      MD5

      c94f0354f50198afe394788c82f2a72d

      SHA1

      ea491e3b050e467b784ba4b656da179f06fce31f

      SHA256

      44edf11f1d0ab61edd5f9dd95a82416ed6a3074e2d4b0e7a239b1ff3e6c0d6f1

      SHA512

      dfbac6853e67effc670de63abf894d3f842dbe02b09bda7095485a79210513f0948f54e58fa52609e3aafc10c441c302924185c95754fa5fbefa372bf0388f36

      Download Submit

    • memory/1636-0-0x0000000000400000-0x00000000004C0000-memory.dmp

      Filesize

      768KB

      Download

    • memory/1636-10-0x0000000002EE0000-0x0000000002F97000-memory.dmp

      Filesize

      732KB

      Download

    • memory/1636-13-0x0000000000400000-0x00000000004C0000-memory.dmp

      Filesize

      768KB

      Download

    • memory/1636-15-0x0000000000400000-0x00000000004C0000-memory.dmp

      Filesize

      768KB

      Download

    • memory/1636-16-0x0000000002EE0000-0x0000000002F97000-memory.dmp

      Filesize

      732KB

      Download

    • memory/2292-11-0x0000000000400000-0x00000000004B7000-memory.dmp

      Filesize

      732KB

      Download

    • memory/2292-14-0x0000000000400000-0x00000000004B7000-memory.dmp

      Filesize

      732KB

      Download