Analysis

  • max time kernel
    135s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-12-2023 12:22

General

  • Target: 1df7b467d13f9bb7288702af93f915e1.exe
  • Size: 298KB
  • MD5: 1df7b467d13f9bb7288702af93f915e1
  • SHA1: dad82faac263f54da50dd622de7ca5e507561d59
  • SHA256: 35c22d46b0e4a81188ed98fddd6cbdbb017cc08ebbe8daca4548751be063bc46
  • SHA512: 63c241c20d0e2ee404c282dfd8cd1cbd7931c5540f5edb7b7a8b0f022b07fca62601642b746765b1e69f6a38fe288be48da77e6f63bfd0ac8d125a13e824d492
  • SSDEEP: 6144:EuIlWqB+ihabs7Ch9KwyF5LeLodp2D1Mmakda0qLqIYv:v6Wq4aaE6KwyF5L0Y2D1PqLs

Score
10/10

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 19 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • AutoIT Executable 14 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1df7b467d13f9bb7288702af93f915e1.exe
    "C:\Users\Admin\AppData\Local\Temp\1df7b467d13f9bb7288702af93f915e1.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Windows\svhost.exe
      C:\Windows\svhost.exe
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2740

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Documents and Settings.exe
    Filesize: 298KB
    MD5: 92120f954f11ae30b93615a066b9b32b
    SHA1: 212c5b74f9b8af1a35a38350b6b8d895aeba483f
    SHA256: 9b33ee587785f28c8e15544b3700e9109308e954fe9fb65b4a96655e122859ed
    SHA512: 5fbedf5e0e8389fb9f0a37eede2810e4656cf50288c2d7a014f0e89e154c267c1fbeda446405829a31810f5880d7650f872d2d0f448247618733c8e25804b839

  • C:\Windows\Driver.db
    Filesize: 82B
    MD5: c2d2dc50dca8a2bfdc8e2d59dfa5796d
    SHA1: 7a6150fc53244e28d1bcea437c0c9d276c41ccad
    SHA256: b2d38b3f122cfcf3cecabf0dfe2ab9c4182416d6961ae43f1eebee489cf3c960
    SHA512: 6cfdd08729de9ee9d1f5d8fcd859144d32ddc0a9e7074202a7d03d3795bdf0027a074a6aa54f451d4166024c134b27c55c7142170e64d979d86c13801f937ce4

  • C:\Windows\svhost.exe
    Filesize: 298KB
    MD5: 5f795889ec5da5f4446c9eacb72530d7
    SHA1: 2a1dd8f59c582cba017aff4ad06c6b8bfe6422fd
    SHA256: 596cd1edf9245dd4ef31c568a1d1e0880cbe58800b87d9f63ecce5f57e68be55
    SHA512: 5a8f497367886066b218a731e0bdb971b12948d88de9232054c43f139a21377ca38c4e5c1ac87fcc25d63347c783388b173ce67a495655e8b6a27bb18cd92795

  • C:\Windows\svhost.exe
    Filesize: 62KB
    MD5: 63ba4ae9a67609459e4dec28dd4ad31c
    SHA1: 9b7e9e928766cbbf0a4875e1e079f7afc61d3e0b
    SHA256: b5fd00a052e8b3513dd3a18327c90dec32a1eee70a2001ed928fb959b8834881
    SHA512: 15acf986477e7ff6d8a149a9904c793bd77a4a55d35b8b2fac8f7e02a0200d6c86383ccc55bf08ae6e57055014c3ec75c16165292167d418d15a81f9fdb8452d

  • memory/2220-806-0x0000000000400000-0x00000000004C2000-memory.dmp (Filesize: 776KB)
  • memory/2220-0-0x0000000000400000-0x00000000004C2000-memory.dmp (Filesize: 776KB)
  • memory/2740-4770-0x0000000000400000-0x00000000004C2000-memory.dmp (Filesize: 776KB)
  • memory/2740-7950-0x0000000000400000-0x00000000004C2000-memory.dmp (Filesize: 776KB)
  • memory/2740-2392-0x0000000000400000-0x00000000004C2000-memory.dmp (Filesize: 776KB)
  • memory/2740-3450-0x0000000000400000-0x00000000004C2000-memory.dmp (Filesize: 776KB)
  • memory/2740-5-0x0000000000400000-0x00000000004C2000-memory.dmp (Filesize: 776KB)
  • memory/2740-5834-0x0000000000400000-0x00000000004C2000-memory.dmp (Filesize: 776KB)
  • memory/2740-6893-0x0000000000400000-0x00000000004C2000-memory.dmp (Filesize: 776KB)
  • memory/2740-1328-0x0000000000400000-0x00000000004C2000-memory.dmp (Filesize: 776KB)
  • memory/2740-9274-0x0000000000400000-0x00000000004C2000-memory.dmp (Filesize: 776KB)
  • memory/2740-10335-0x0000000000400000-0x00000000004C2000-memory.dmp (Filesize: 776KB)
  • memory/2740-11392-0x0000000000400000-0x00000000004C2000-memory.dmp (Filesize: 776KB)
  • memory/2740-12446-0x0000000000400000-0x00000000004C2000-memory.dmp (Filesize: 776KB)
  • memory/2740-13776-0x0000000000400000-0x00000000004C2000-memory.dmp (Filesize: 776KB)
  • memory/2740-14831-0x0000000000400000-0x00000000004C2000-memory.dmp (Filesize: 776KB)
  • memory/2740-15890-0x0000000000400000-0x00000000004C2000-memory.dmp (Filesize: 776KB)