Overview

overview

7

Static

static

7

02d39bdf04...71.exe

windows7-x64

7

02d39bdf04...71.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    169s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 03:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02d39bdf042aa00c8bbc6a6dc2549b71.exe

  • Size

    963KB

  • MD5

    02d39bdf042aa00c8bbc6a6dc2549b71

  • SHA1

    190576579181f53d5920b470a795f454acbdb823

  • SHA256

    4ffcef811b06685f47df5b5118ab7aded2d438064e76199373b22584921071c2

  • SHA512

    fae9b2ba344220a36106b6102cf21d90a9880aad6efed519ab01ab596220888baaaf493a8a2ea1263d82c95fddcb75aa6443b6cd46d05b9f177198a9e84b059b

  • SSDEEP

    12288:rbpHYUKy5U1bo9t8DMRSW9vbciUiLuAvOxMt11i27QitjrHANUTNZ0i:r5sJo6YrFUiyAak11Ltjx0i

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\02d39bdf042aa00c8bbc6a6dc2549b71.exe
    "C:\Users\Admin\AppData\Local\Temp\02d39bdf042aa00c8bbc6a6dc2549b71.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2752
    • \??\c:\Windows\svchest000.exe
      c:\Windows\svchest000.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:2844

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\svchest000.exe
    Filesize

    228KB

    MD5

    3afdc90b43316aa706bf197fcef285f4

    SHA1

    3db4d0180a543d792ad7a3de5a845b600e77479d

    SHA256

    53087136ac598ee07e901890f651e1d3be8f1d76b52d821d4259fc47fef1bde9

    SHA512

    5e5540b606dd732391cbc94d7369ee70cf35eea3585d3b388d9e17e62e49b6bf78430f5178bc4aa99aa6493959f73a2d4bf7c1744c80d99699b18e02a46a4a2f

    Download Submit

  • C:\Windows\svchest000.exe
    Filesize

    234KB

    MD5

    06c0ee7e77d8e88f5c8cd45f36ca18ac

    SHA1

    a028c4e9ed8f8bef039d6f2996e809c433f3434d

    SHA256

    971d6eb39df01257d59dd0ca07778455cbec3cf09580d8f9c5bfec1fa85259e5

    SHA512

    d607da4df4e8689108d0f3d39187e5e6294f73cc3dbb8d768c66b498cfff1d69262425d2c540bfe044b79ab1761e35990c7572b32d4a98d8660f3b2394e2971c

    Download Submit

  • memory/2752-0-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2752-1-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2752-14-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2752-15-0x0000000002730000-0x00000000028C7000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2844-9-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2844-13-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

    Download