c6db9cd7fa8fc41815a26e79488949a6bbca69e183f1f48679d874f24cfb87a1

Analysis

max time kernel
61s
max time network
149s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

111c4613727d8564fcdef59a3fb46d1e.exe
Size

38KB
MD5

111c4613727d8564fcdef59a3fb46d1e
SHA1

01a7f55b353a6b5f80dcdfecb1b66dcd87942c8c
SHA256

c6db9cd7fa8fc41815a26e79488949a6bbca69e183f1f48679d874f24cfb87a1
SHA512

5a978db418c490a53f83f3729b88b45b913d32cd0f934b466354d6531f29fa243fc3f66798bba4947ccb6f517fa76e4971b77c9ff7a84fc62eda37e18f9740ce
SSDEEP

768:53FbghaYPiZ9LiCTnEV9zdeGYyLIA4Ez4VrQLrs:ZFkYYPsMvzde1yLIG4VrWs

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2344-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2344-1-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" \DelayServices	111c4613727d8564fcdef59a3fb46d1e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2344	111c4613727d8564fcdef59a3fb46d1e.exe
2344	111c4613727d8564fcdef59a3fb46d1e.exe

C:\Users\Admin\AppData\Local\Temp\111c4613727d8564fcdef59a3fb46d1e.exe
"C:\Users\Admin\AppData\Local\Temp\111c4613727d8564fcdef59a3fb46d1e.exe"
1⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:2344
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.download787.com/sanity.php?1=965058-10036
  2⤵
  PID:2652
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2652 CREDAT:275457 /prefetch:2
    3⤵
    PID:2792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4308164d4b0e87699b7ff3421ac498e

SHA1
f63a229a138a99a2608d1b5ffeb1a1ba86c5d92b

SHA256
751cfa1f2449569216313560c3f4dbc1294eeccbd377cad3e086c1e1a777695d

SHA512
f7f9c63c9d0737bddd1c6686c7737698dbec8e4b7fe39188507e8baa28aa516b52861710adfb75946cb3930d709b8e5dae1b6e1b012d8f1ec44ff056a9189f46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a413f92c34dd8bfbefdcc7833072b259

SHA1
e2be40e3f69e4315f3f64af0b5c4fdafef404944

SHA256
c7232a6057601abd4835ae3277b57a2ba6f6277b414e971fe511427ab39e562b

SHA512
4153bd4b97d306c5db81c335b7946e756bfbb411d168f13a90d9260e87c4449c31b29692074b8e75afe3def4ef11cb4357e053853725d5529475d1feb366f531

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3776a14be2de6c6146aa086a8ffa0f61

SHA1
e31237cb46a0abdf6a9a8525431d401af0764047

SHA256
676d173e46cc1d438d9e87ab268522658740c511df6a6abb1ac202ebe566b500

SHA512
f72024aea328a5eedef8f948edb9deacf621302f7973451599c649a7f544b4702da5f43dc5d75a76a145512d55fb96145ca5dfbfca5bec3c43dc3da744ef84d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4cb2d24484d5ad4ca1b147b11543f1c

SHA1
e57f82778fcfd85860ca083a34f7b9ee55a178ea

SHA256
8977935c76549d0810cf50f7ecf2b7babd28ff6d6e96eff24c453e1a8f626e5c

SHA512
0da94ebe55f9cea7560214e757caea93d255984d4421c8ace5d31d10fd67a233190d93c277cd48ea25610b7595ad3add8218891e464b3ef6bd8731b9829a4ece

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4993689db2b037143df2f15b442d0bd7

SHA1
7593cd466de422e2e37e8776b0f0b0f6462620ed

SHA256
56adfffa29ad45ba9f406ba8caca9467d97bcd3c871ec4e78acceff9d0fd1f61

SHA512
1a3eaffd0790134d999abf84eb89a683f4c55ab7ef8e0e83eaf0541076ccb2bbf5a093d54bbd931a31dc31950e768801bec7aa80fbeb59a5d750d9334613e1a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f365459a67af2853a94f5bb4a7fab435

SHA1
2ac398c9052b2edd483c1cf299ad52fecccb1d57

SHA256
4a78d9b17bf8e5c135531df65057d12cb0d9cd3c5461c0604552b59c84974979

SHA512
f19f3c377be59ee05b9c70747b8cd99293eafdedcaad243926f5fc157446a786946a1dd9d9589f669d00e591b4985f0ea9950ddb2c9198f31a94ff33ab9eaed7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa34b7f8c4d5fd70e36f46ed27d9adc5

SHA1
6390ca0f80e80574d358da246b6a5b7f8b5e1cd3

SHA256
dcd4d9f93d422c6745a4769d49d1d86481145424f31667f2e2a70ced7ef30314

SHA512
24527bb6dd28bddcf75fb2bfa87d2a1aee951e6d6a372b6096b436b5d795d891385f7b85b34d3d7e846197777c7b2e59c6438b4fc6638107addc95f9297e1156

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e3428cfbf76c2fd713df15c5a94a897

SHA1
399021fcd386eb014be4a1c1b66248fbfdb3a419

SHA256
3ce4bade4d67c0b61f55f00ebfe5030086b3ec750cc5ca5ab806ee0a026f439d

SHA512
46224f518d68654a1f9f1c3f55116724761ad84dc34e5a7aa38bf2fe28be566fc5ed66757ae8013aa29c84f9853ed283250a9e1e9e16ad448555e29fe0ee41d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
186b9bc20c5e6e0b71a19729dab7ea03

SHA1
9d1460777f5578387550e716cc3e14f6547b7445

SHA256
5c88d71dd74d7e3e9181c2d757a827c88bc54b7a46da9a947c54eded927ebda5

SHA512
2aa90789c984a3fb1cf56152219331645ba2a23e423baa9b4ae92ef22ecdb6f65f212e33d67176dd0812d9d5192188f2f497a9455178d4d38b65aed64c22a8cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab62EB.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6B85.tmp

Filesize
85KB

MD5
250d357a0820213697a3d095e9307caa

SHA1
e48dfc3b113a460d7a30af964e885b8c253d60d5

SHA256
e7e9947ab35a40bcb80757447fac3242ea9480035829d8c18ce2e0b001284225

SHA512
74dd9aa0b7649e6e82e0b31f7403e2521c2dd9564a6f8d8f8be6b49c7a88e2b4026aa59bc1659c226c7ed2700c967ca536c3a06a1c9601a7b9d65f2d9056ccad

Download Submit
memory/2344-2-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download
memory/2344-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2344-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download