Overview

overview

7

Static

static

7

1bdf8b163a...bc.exe

windows7-x64

7

1bdf8b163a...bc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 11:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1bdf8b163a9a3f3dd47299e387294bbc.exe

  • Size

    1.1MB

  • MD5

    1bdf8b163a9a3f3dd47299e387294bbc

  • SHA1

    1fcab913e4ef95c3e44f8a4c529812f90d781770

  • SHA256

    22b374ea25f4fcee86b8ee006adc5bdec3aa869ef206bfda22912c13ac5f888c

  • SHA512

    bbb0ff70d532f61d6e5fadfe3cac5f66a16eef01f2bac7e80eabd0829284bc5c767a6d66eca27336260f8f7127f5b2a4e21439e5b36cb1e572f6001bfe9ff199

  • SSDEEP

    12288:rbpHYUKy5U1bo9t8DMRSW9vbciUiLuAvOxMt11i27QitjpuMHANUTN/:r5sJo6YrFUiyAak11Ltjpu0

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1bdf8b163a9a3f3dd47299e387294bbc.exe
    "C:\Users\Admin\AppData\Local\Temp\1bdf8b163a9a3f3dd47299e387294bbc.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1040
    • \??\c:\Windows\svchest000.exe
      c:\Windows\svchest000.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:2436

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\svchest000.exe
    Filesize

    1024KB

    MD5

    77ff20cdee59752b7bf24f4685a3f6a7

    SHA1

    8aef358c20eb713c019e8dac038baa329330e60c

    SHA256

    4dc96d3768345234e0b75f1da8a2c517a185d7e7b72f048b2297452b1b963908

    SHA512

    fc7f8a6e8302c0c18077567914fd733e2b2433505e71fc406089812345e04daeaf3cbad822d6a50b36e69881e7bc0b0c3a9f98347cad6d49d23c3e04b7efd594

    Download Submit

  • memory/1040-0-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1040-1-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1040-14-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1040-15-0x0000000002810000-0x00000000029A7000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2436-13-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2436-10-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

    Download