Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-12-2023 16:46

General

  • Target

    2e48b6cb1fa4276a480e9a58937a0022.exe

  • Size

    100KB

  • MD5

    2e48b6cb1fa4276a480e9a58937a0022

  • SHA1

    c68a4ad89f327dc357ee92cadb94a948f2f604c3

  • SHA256

    79f5fbfa2b82ff0d81af034dc7dcd07d15c3bc0ee60cd5bd68e515eb55104157

  • SHA512

    b8b0e046fee731b7f472a138b54ee439d2a1cf89d9fe671870ab4d36e52f5010365810691386cb2119cd83b52300b0aeea3838f628533f7570c0cd2ba5c37daf

  • SSDEEP

    3072:sGQHl1Cr3bSsHEIxLzkk3greqzSbXm8jbxDhh81:pQF1Cr3bSsHEIxL5g1eLmIdf8

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e48b6cb1fa4276a480e9a58937a0022.exe
    "C:\Users\Admin\AppData\Local\Temp\2e48b6cb1fa4276a480e9a58937a0022.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1748
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Urb..bat" > nul 2> nul
      2⤵
      • Deletes itself
      PID:2192

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Urb..bat

    Filesize

    210B

    MD5

    03d0daa8ed5d20cec7518804da40f5c7

    SHA1

    c78a19c10d5c84bb9f5cf9026d5034dbc193a143

    SHA256

    94346fb0dfd3081bd245faeb04b17cc9b7ddd7f8fdbfe66d957e9d8544fd4fdd

    SHA512

    8d8130e9512994f77d0b77a021eb768023ea8c9e456d45725a5e3f88d10e2533edcda0eeec55771fcd4fa129e6827f5ae9d0eea7002b8692573eda558597d0a1

  • memory/1748-2-0x00000000001D0000-0x00000000001D2000-memory.dmp

    Filesize

    8KB

  • memory/1748-3-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1748-1-0x00000000001B0000-0x00000000001B3000-memory.dmp

    Filesize

    12KB

  • memory/1748-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1748-5-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB