Overview

overview

7

Static

static

3

2e849a5744...4a.exe

windows7-x64

7

2e849a5744...4a.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-12-2023 16:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2e849a574460fe68874890383215794a.exe

  • Size

    152KB

  • MD5

    2e849a574460fe68874890383215794a

  • SHA1

    c0e59189de972798066f90d5479d07d51223deaf

  • SHA256

    86499a027097fab79eb111648602a3a4a3544802fd0412c865a3a40df4db7009

  • SHA512

    8cf80d4479d2262419807a1ffaa08e96b54438b388151c3bc8b38f8b2f06a2759be4dc8bf93fc336b6773b0122f8df2b9707bc352c9ccca8c3207f8b3807465e

  • SSDEEP

    1536:oC2dJ8sPEoVT2TX5txNffVSsWq8I4OvIj5dwUVP5TEalk+hMQrZgOUgW7TFAAXWU:ocIp2TX3fVSsQOv4kUV2eU0xSZu

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 17 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e849a574460fe68874890383215794a.exe
    "C:\Users\Admin\AppData\Local\Temp\2e849a574460fe68874890383215794a.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2000
    • C:\Windows\msa.exe
      C:\Windows\msa.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      PID:2700

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    Filesize

    344B

    MD5

    c78797173bcc90f18ad07cfd066f86e8

    SHA1

    2a264037992aa9283fb982eb31310130f14eecea

    SHA256

    f45ab192e8ec7cf74197dd1c16f6072dc7cc2e220a7073d4e3014617da91706b

    SHA512

    b5c5ad96799fc0f277ae555188e9e653f41f71dd042abf68f142342c80d43aed5fd410c6fa19a9322b2a4e9e855ea8b4d219598a3df4fcac9ede80e89a0b09d6

    Download Submit

  • C:\Windows\msa.exe
    Filesize

    152KB

    MD5

    2e849a574460fe68874890383215794a

    SHA1

    c0e59189de972798066f90d5479d07d51223deaf

    SHA256

    86499a027097fab79eb111648602a3a4a3544802fd0412c865a3a40df4db7009

    SHA512

    8cf80d4479d2262419807a1ffaa08e96b54438b388151c3bc8b38f8b2f06a2759be4dc8bf93fc336b6773b0122f8df2b9707bc352c9ccca8c3207f8b3807465e

    Download Submit

  • memory/2000-25727-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2000-0-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2000-7134-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2700-38539-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2700-38541-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2700-36818-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2700-38536-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2700-38538-0x00000000003A0000-0x00000000003A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2700-9-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2700-38540-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2700-20259-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2700-38542-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2700-38543-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2700-38544-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2700-38545-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2700-38546-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2700-38547-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2700-38548-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2700-38549-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download