Overview

overview

8

Static

static

7

433b60ec85...48.exe

windows7-x64

8

433b60ec85...48.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 23:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    433b60ec8569dc571c8d4eafcf9fee48.exe

  • Size

    123KB

  • MD5

    433b60ec8569dc571c8d4eafcf9fee48

  • SHA1

    7cc9824a16123c544de418762e4d34b86bd4377d

  • SHA256

    55b8e128c0b222d7d07cbbfb38297fa9cfbf7cd77da9129ef608005d02d90b52

  • SHA512

    b9b0d3218689c0a03b19ff42069335fc7a4aa13f4b07a3adc3af364cc536a3be2b0739c0ca4b334f9ba5ca0a23272a46590e2240639b34664d13d06b3d808096

  • SSDEEP

    3072:OeSQ41MZrrOwzrq5Ss9eYfphfFQkUcot3EpeBWLL7ZYD:OVYrJrOSsRwcpA

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs regedit.exe 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\433b60ec8569dc571c8d4eafcf9fee48.exe
    "C:\Users\Admin\AppData\Local\Temp\433b60ec8569dc571c8d4eafcf9fee48.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4560
    • C:\Windows\iaccess32.exe
      C:\Windows\iaccess32.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of SetWindowsHookEx
      PID:2592
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:4892
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32.exe /s "C:\Windows\system32\egaccess4_1071.dll"
      1⤵
        PID:4696
      • C:\Windows\SysWOW64\regedit.exe
        "C:\Windows\System32\regedit.exe" /s C:\Windows\tmlpcert2007
        1⤵
        • Runs regedit.exe
        PID:2548

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\iaccess32.exe
        Filesize

        92KB

        MD5

        7e9b4370ec7286ad2fbe71f5e067dd44

        SHA1

        65abc2b91c7253b780cdad58e019aa1afdea84fa

        SHA256

        b948bc89a5db889bc922440e2b130a032d961de35017b17e9895c6676c9c4e11

        SHA512

        9386bfd582acdc1d4df370065bac70bbd080217ac02cadc12f0efa63a0d373999dc5ba92d865b523f3624b8f888bdac6b9b68f5f47c75a4f3d58025162aaf926

        Download Submit

      • C:\Windows\iaccess32.exe
        Filesize

        94KB

        MD5

        e74e19f4d2ca4ec83d67c210e82cf79c

        SHA1

        2cd91350c1c36dca410f91b2c4eb7256832c7875

        SHA256

        d692a2913880dc92f972eee222201165c8c7ce825d04ed361ab9b8a39ba15906

        SHA512

        c860909d2041b828ed5dd571e9754405e87bb65c7e6cfff830959ca33e4ab51ab0b3a189aaa3ed3ed26c140bc8a1355060f4c0fdfd7c9ac2644dd6ea5ae44cf5

        Download Submit

      • memory/2592-6-0x0000000000400000-0x000000000042E000-memory.dmp

        Filesize

        184KB

        Download

      • memory/2592-58-0x0000000000400000-0x000000000042E000-memory.dmp

        Filesize

        184KB

        Download

      • memory/4560-0-0x0000000000400000-0x000000000042E000-memory.dmp

        Filesize

        184KB

        Download

      • memory/4560-5-0x0000000000400000-0x000000000042E000-memory.dmp

        Filesize

        184KB

        Download

      • memory/4696-28-0x0000000010000000-0x0000000010047000-memory.dmp

        Filesize

        284KB

        Download

      • memory/4696-60-0x0000000010000000-0x0000000010047000-memory.dmp

        Filesize

        284KB

        Download