Overview

overview

7

Static

static

7

1072a83c19...4a.exe

windows7-x64

7

1072a83c19...4a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    181s
  • max time network
    79s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-12-2023 07:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1072a83c193e77a54f1935b2c1f4934a.exe

  • Size

    1.0MB

  • MD5

    1072a83c193e77a54f1935b2c1f4934a

  • SHA1

    d942081ab814ff8f7fbc0980113466c7acf4f688

  • SHA256

    6d87c385194f0def116818468b69ad2b3ee4ac94700e006cdf90aff7f3daf012

  • SHA512

    75cc4ec31c213e191cfad58798e4086fc357a8f46d3eb7419ea570ff2885433a85c6730722aaae0ae070638c1f97f1acc54cbaa755868024cc40a115b8566e52

  • SSDEEP

    12288:rbpHYUKy5U1bo9t8DMRSW9vbciUiLuAvOxMt11i27QitjNUUw:r5sJo6YrFUiyAak11LtjNw

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1072a83c193e77a54f1935b2c1f4934a.exe
    "C:\Users\Admin\AppData\Local\Temp\1072a83c193e77a54f1935b2c1f4934a.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2304
    • \??\c:\Windows\svchest000.exe
      c:\Windows\svchest000.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:2580

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\svchest000.exe
    Filesize

    129KB

    MD5

    8bac91aac7ead78ffef13eae9908df85

    SHA1

    b183e425cbd0869a2a8f6afe45c58bd7c3e260b2

    SHA256

    19c38884defb035cae493c7b766eacdba213ecf05fec7748a6e2a590e028769f

    SHA512

    313b81cf798a003ed39ca9a17b490f01060a97ce06a0e924ceb5d634a7cc6d7e560696931dfaa2168c278052cf3879588d0caf93e1eef20d539e1fb66b0379ac

    Download Submit

  • C:\Windows\svchest000.exe
    Filesize

    167KB

    MD5

    73ffdf11b64c6ea7c135ccba529ba50e

    SHA1

    7cb8292db0a1e7120739b49d72e204a6c2a07f17

    SHA256

    327d3e5a5ebdd40e545c8602d3f69d33d7d63a07699934868b9870906711d39f

    SHA512

    2fcb017d03c2e4ee360dcf5569e55afb47c32a5ffd7aa4f416a056001920097b7d22c6f1b9197874ea9fa223b4415f90e0ee279a8c9ee20d68bdbb1632dad055

    Download Submit

  • memory/2304-0-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2304-1-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2304-9-0x00000000027C0000-0x0000000002957000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2304-14-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2304-15-0x00000000027C0000-0x0000000002957000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2580-13-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

    Download