Overview

overview

7

Static

static

7

5d6824ab93...58.exe

windows7-x64

7

5d6824ab93...58.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    152s
  • max time network
    163s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 14:19

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5d6824ab936ca03b714928257efbc262d9a3c64edb60dee8965c865ce0090a58.exe

  • Size

    1.4MB

  • MD5

    6dc738e23024f208b4817c0df29dd878

  • SHA1

    265bdfab29eaa5ddbcf421b00efda08b9bdec6e4

  • SHA256

    5d6824ab936ca03b714928257efbc262d9a3c64edb60dee8965c865ce0090a58

  • SHA512

    92e535c162c7e7d332e0b617a81b367b2077170afc945014e89515866d7cfbf9325060f30de7677447425808bf6b02a1f0f704b18f2eedf009e9312a19453306

  • SSDEEP

    12288:dOuW5o/oStsk4CWKKCrZTGF/k8uMxtxPvvzCeY:djSow1kJbKkKF/eMNPj4

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unexpected DNS network traffic destination 3 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5d6824ab936ca03b714928257efbc262d9a3c64edb60dee8965c865ce0090a58.exe
    "C:\Users\Admin\AppData\Local\Temp\5d6824ab936ca03b714928257efbc262d9a3c64edb60dee8965c865ce0090a58.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3060

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\CabCDE.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarD10.tmp
          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          Download Submit

        • memory/3060-0-0x00000000008D0000-0x000000000093E000-memory.dmp

          Filesize

          440KB

          Download

        • memory/3060-1-0x00000000008D0000-0x000000000093E000-memory.dmp

          Filesize

          440KB

          Download

        • memory/3060-40-0x00000000008D0000-0x000000000093E000-memory.dmp

          Filesize

          440KB

          Download

        • memory/3060-44-0x00000000008D0000-0x000000000093E000-memory.dmp

          Filesize

          440KB

          Download

        • memory/3060-117-0x00000000008D0000-0x000000000093E000-memory.dmp

          Filesize

          440KB

          Download

        • memory/3060-335-0x00000000008D0000-0x000000000093E000-memory.dmp

          Filesize

          440KB

          Download