Overview

overview

7

Static

static

3

3565e4f70c...f5.exe

windows7-x64

7

3565e4f70c...f5.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-12-2023 18:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3565e4f70ce5a1c2227f813f7f4b48f5.exe

  • Size

    181KB

  • MD5

    3565e4f70ce5a1c2227f813f7f4b48f5

  • SHA1

    f7e79e2ea45cf8e429b811c9bfd502cf3bb0f440

  • SHA256

    814e763791396858073e8bda611bf1795dfd6240cd2c4c989802a9e3e62961f1

  • SHA512

    345bd46c2d3382ae6cef676b5152f44685dc9a224b8673971d6ba8197520b15bb8a19b1dd61f03aaf0815592e0b37952b5ff4714aa4de09123e356b02ccbb31b

  • SSDEEP

    3072:BHooknwo1EyjyIshFFDBZt6SI/Ple7LllWH:Noo0F7OImFFP6Sc

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 17 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3565e4f70ce5a1c2227f813f7f4b48f5.exe
    "C:\Users\Admin\AppData\Local\Temp\3565e4f70ce5a1c2227f813f7f4b48f5.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\Windows\msa.exe
      C:\Windows\msa.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2088

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    Filesize

    344B

    MD5

    73655b2b5e086612d8176c69657038de

    SHA1

    c0f040b2b8698f210d35bcdecc291ce227b5958e

    SHA256

    700f00272ef3b011d24ddd97f83d27fcfcb3f0894221129c60bfb34a75fae6b1

    SHA512

    bd9c3806bae6ad9a7987a20ebeaf1b412088b7db2153be3b3f1effc3d680d612aadbcacfa7faa9ea7983e21fc882cded0e256a2f7610f2546da7817564a8e37e

    Download Submit

  • C:\Windows\msa.exe
    Filesize

    181KB

    MD5

    3565e4f70ce5a1c2227f813f7f4b48f5

    SHA1

    f7e79e2ea45cf8e429b811c9bfd502cf3bb0f440

    SHA256

    814e763791396858073e8bda611bf1795dfd6240cd2c4c989802a9e3e62961f1

    SHA512

    345bd46c2d3382ae6cef676b5152f44685dc9a224b8673971d6ba8197520b15bb8a19b1dd61f03aaf0815592e0b37952b5ff4714aa4de09123e356b02ccbb31b

    Download Submit

  • memory/2088-38538-0x0000000000400000-0x0000000000473000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2088-38541-0x0000000000400000-0x0000000000473000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2088-38550-0x0000000000400000-0x0000000000473000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2088-38532-0x0000000000400000-0x0000000000473000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2088-38549-0x0000000000400000-0x0000000000473000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2088-38535-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2088-38537-0x0000000000400000-0x0000000000473000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2088-38536-0x0000000000400000-0x0000000000473000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2088-38548-0x0000000000400000-0x0000000000473000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2088-38540-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2088-38539-0x0000000000400000-0x0000000000473000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2088-9-0x0000000000400000-0x0000000000473000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2088-38542-0x0000000000400000-0x0000000000473000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2088-38543-0x0000000000400000-0x0000000000473000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2088-38544-0x0000000000400000-0x0000000000473000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2088-38545-0x0000000000400000-0x0000000000473000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2088-38546-0x0000000000400000-0x0000000000473000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2088-38547-0x0000000000400000-0x0000000000473000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2104-0-0x0000000000400000-0x0000000000473000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2104-38533-0x0000000000400000-0x0000000000473000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2104-38531-0x0000000000400000-0x0000000000473000-memory.dmp

    Filesize

    460KB

    Download