Overview

overview

7

Static

static

7

262bdfad94...2a.exe

windows7-x64

7

262bdfad94...2a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 14:37

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    262bdfad94ac2181681416101e7b272a.exe

  • Size

    216KB

  • MD5

    262bdfad94ac2181681416101e7b272a

  • SHA1

    9f0ca28663bd8b4be857853652e3efbf21274287

  • SHA256

    c18c082d9993ca7b7a83f5327edb5d485bebf8e03c57b9a5b3d7a8ec79f4eeee

  • SHA512

    6f5d3be18e7b7704856494a324824615ad12b34dd7bc691b874492917cfdfd82db412394e441f2a6371fd157b41fa18ce58458d8b81177731f79da1973bc5f85

  • SSDEEP

    6144:m9fxszZNj1MAIBQcF91qZteVHxzi9ya5c6LNQ:IxszZkAbxk1aya

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\262bdfad94ac2181681416101e7b272a.exe
    "C:\Users\Admin\AppData\Local\Temp\262bdfad94ac2181681416101e7b272a.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:848
    • C:\Windows\Onixia.exe
      C:\Windows\Onixia.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of UnmapMainImage
      PID:2860

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\Onixia.exe
          Filesize

          216KB

          MD5

          262bdfad94ac2181681416101e7b272a

          SHA1

          9f0ca28663bd8b4be857853652e3efbf21274287

          SHA256

          c18c082d9993ca7b7a83f5327edb5d485bebf8e03c57b9a5b3d7a8ec79f4eeee

          SHA512

          6f5d3be18e7b7704856494a324824615ad12b34dd7bc691b874492917cfdfd82db412394e441f2a6371fd157b41fa18ce58458d8b81177731f79da1973bc5f85

          Download Submit

        • C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
          Filesize

          344B

          MD5

          59fbb8c5475c52b21c54c9659f072532

          SHA1

          69c05791bced869cbbd6b4d5a69ed640673d3372

          SHA256

          f7fb95c376c8c89b733dc9d9ab8343bb03dd987f63beb9b111baefe0dab72e98

          SHA512

          13412639e40d10208ad8d7f000e977c881bde7fe4746dc63ea0d0b436efcdaf2ef2b80bce9b4d8ad0193a6b6aa84ceabe360d671549c34c50a0a4ff3c20d075e

          Download Submit

        • memory/848-3-0x0000000000400000-0x000000000043A000-memory.dmp

          Filesize

          232KB

          Download

        • memory/848-0-0x0000000000400000-0x0000000000477000-memory.dmp

          Filesize

          476KB

          Download

        • memory/848-12-0x0000000001EA0000-0x0000000001F17000-memory.dmp

          Filesize

          476KB

          Download

        • memory/848-1-0x0000000000230000-0x0000000000231000-memory.dmp

          Filesize

          4KB

          Download

        • memory/848-2-0x0000000000400000-0x0000000000477000-memory.dmp

          Filesize

          476KB

          Download

        • memory/848-2183-0x0000000000400000-0x0000000000477000-memory.dmp

          Filesize

          476KB

          Download

        • memory/848-6312-0x0000000000400000-0x0000000000477000-memory.dmp

          Filesize

          476KB

          Download

        • memory/848-11478-0x0000000000400000-0x000000000043A000-memory.dmp

          Filesize

          232KB

          Download

        • memory/2860-13-0x0000000000400000-0x0000000000477000-memory.dmp

          Filesize

          476KB

          Download

        • memory/2860-19-0x0000000000400000-0x000000000043A000-memory.dmp

          Filesize

          232KB

          Download

        • memory/2860-32568-0x0000000000400000-0x0000000000477000-memory.dmp

          Filesize

          476KB

          Download

        • memory/2860-36493-0x0000000000400000-0x000000000043A000-memory.dmp

          Filesize

          232KB

          Download

        • memory/2860-46470-0x0000000000400000-0x000000000043A000-memory.dmp

          Filesize

          232KB

          Download