Overview

overview

7

Static

static

7

0f4120251f...93.exe

windows7-x64

7

0f4120251f...93.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-12-2023 07:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0f4120251f54ac6c561ef3061dfd3793.exe

  • Size

    768KB

  • MD5

    0f4120251f54ac6c561ef3061dfd3793

  • SHA1

    6dc0bd3a5a9166fcc2afd714bdf6047b11e47aad

  • SHA256

    53aa7b95790d4dbcb4ef2b1c7c1653768ff45ce7c7bafc2b4ac0583acfcb35be

  • SHA512

    a43a432e156d2a833abe14c26067976992c13275364d1115c03b7ffe7617aa7e24e1c26bb7babf66ea1a97bf8c68ec04101fea6e102cdbced08c2121ca2c2a24

  • SSDEEP

    12288:rbpHYUKy5U1bo9t8DMRSW9vbciUiLuAvOxMt11i27QitjGLV:r5sJo6YrFUiyAak11LtjGLV

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0f4120251f54ac6c561ef3061dfd3793.exe
    "C:\Users\Admin\AppData\Local\Temp\0f4120251f54ac6c561ef3061dfd3793.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:396
    • \??\c:\Windows\svchest425075242507520.exe
      c:\Windows\svchest425075242507520.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:2468

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\svchest425075242507520.exe
    Filesize

    36KB

    MD5

    a689bcee787b9b2397644f3faedb36d3

    SHA1

    6813f1d8ce9712a421e830912646f7c23ddc3807

    SHA256

    7ee8e6f7027b82f9562f68ac7f4addbc87e60a068c611202435332fbd3d8b7b9

    SHA512

    9157646bf9d5fe3a79134e73c1c53fa7969e5c77ddfbc6740b1fbff8b46b3217493983d6b4fd708db6038998f6f034d677ab9f075a1f51de1f684c5783189153

    Download Submit

  • C:\Windows\svchest425075242507520.exe
    Filesize

    80KB

    MD5

    73b48fd7a17a15eab91cdcd1de1b56dc

    SHA1

    d2aa8e672512ef2e23d6665473bd2d05b46758d3

    SHA256

    dbe91fd4d10f569594d67043eb6179dfc62b41b79c1588eb2f5d58fc3a7b77f1

    SHA512

    7b76e80c1ea4619c7f7503202f4af615748b101b6eb89538205f6ef03547f9c3a42030b3a5ba47a690af83a0cd1dfe9d7260364daef8dc28475f258006d4998d

    Download Submit

  • \??\c:\Windows\svchest425075242507520.exe
    Filesize

    96KB

    MD5

    4c90a4f924fd0ebc7fd56ae03c28b8c6

    SHA1

    83850dd91e3038f2fc3e2414ee7fc91a9cf816c2

    SHA256

    aeeb0b362900e68791f089a9fac740d14e71009db85bca3ab2c1ed4733e2ec7e

    SHA512

    b9657de917e052fcf7db7e9b58a5814aac0fc8fa3d935cd29be5bd7c7a07f5c0d2fa2156aa39e5a12f95ec24afe85180ff7e3b1495471d6d1c8feb91ab01b3ea

    Download Submit

  • memory/396-0-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/396-1-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/396-13-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2468-10-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2468-12-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

    Download