Overview

overview

7

Static

static

7

555893aef8...c7.exe

windows7-x64

7

555893aef8...c7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-12-2023 04:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    555893aef83c035c8602bbca0af564c7.exe

  • Size

    120KB

  • MD5

    555893aef83c035c8602bbca0af564c7

  • SHA1

    3b228afa68753ad288f2632fc46f29c811cca978

  • SHA256

    774e221dbf18bd36c5f46a5782bf2288ba88365634e402b56a097f425a25993a

  • SHA512

    0a8c24c3dcf0dbc9f049cd531cf03e8e2814892240214cab6002d6b9199b2a35208b8e93fe14bd3f793eae4d380c6013900884eaf00b513003ddd582b71b56bb

  • SSDEEP

    3072:RRqmefClXDGvWc66peoatKYjCDrnrBgN8jy:Pqme4DGvWc0naDrr

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 5 IoCs
  • Modifies data under HKEY_USERS 8 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\555893aef83c035c8602bbca0af564c7.exe
    "C:\Users\Admin\AppData\Local\Temp\555893aef83c035c8602bbca0af564c7.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2696
    • C:\Windows\lsass.exe
      C:\Windows\lsass.exe
      2⤵
      • Executes dropped EXE
      PID:2196
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\SMSS.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2416
  • C:\Windows\lsass.exe
    C:\Windows\lsass.exe
    1⤵
    • Executes dropped EXE
    PID:4044
  • C:\Windows\winhost.exe
    C:\Windows\winhost.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3304
    • C:\Windows\lsass.exe
      C:\Windows\lsass.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      PID:5008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SMSS.bat
    Filesize

    31B

    MD5

    f7783aa57cf349f565232daaf7f19485

    SHA1

    5ec48d781e5d6ecacf108ad1789753ae80984dc3

    SHA256

    7ca2e292fbddcd05bd64c3b5f9528a282b8f479df61c7682846e85ded87cbb43

    SHA512

    e4bae708254025700bb372e5f9ec1809bd3796bf0fccc1ede110e769ccfffbc0abe555e0425221bec0e7c63e7bf710858bed924e585066432310ef6dde5a829a

    Download Submit

  • C:\Windows\lsass.exe
    Filesize

    234KB

    MD5

    25bc4287d751ee42ebe3bffa8b780855

    SHA1

    07a9c5f7ecac647b8448d3c876747bddfe690805

    SHA256

    5d43f58cc4c8d837265235e679c2b12ee5074d8216948a4ae5cdfaaab0a76e37

    SHA512

    958a014c2a413f7fc31d54b961fb8dd461f64cf58995bca3411275e3e24e421f573267e9c5512ad3501230d284551f18121ef4e9bd633352a68e41982dff11e1

    Download Submit

  • C:\Windows\lsass.exe
    Filesize

    92KB

    MD5

    4120ca3adacc7577949f6b42791dbcaf

    SHA1

    25a1312cba7addc52e82cff30a8fff26e5359eec

    SHA256

    a04388be66287396e1358486bc8c93a94a8ddd09685d9cbac1c98d799c1dcbbc

    SHA512

    b23ea8fd45ae2301713eb0471b7e85e3dc92444d4bc6e8065c63bb6c7f174b2c7cd555a8993be971f781049655e911a8376eb8a09cfe89af6c7efb7a4d111d3b

    Download Submit

  • C:\Windows\winhost.exe
    Filesize

    120KB

    MD5

    555893aef83c035c8602bbca0af564c7

    SHA1

    3b228afa68753ad288f2632fc46f29c811cca978

    SHA256

    774e221dbf18bd36c5f46a5782bf2288ba88365634e402b56a097f425a25993a

    SHA512

    0a8c24c3dcf0dbc9f049cd531cf03e8e2814892240214cab6002d6b9199b2a35208b8e93fe14bd3f793eae4d380c6013900884eaf00b513003ddd582b71b56bb

    Download Submit

  • memory/2196-10-0x0000000000400000-0x0000000000441000-memory.dmp

    Filesize

    260KB

    Download

  • memory/2196-6-0x0000000000400000-0x0000000000441000-memory.dmp

    Filesize

    260KB

    Download

  • memory/2196-44-0x0000000000400000-0x0000000000441000-memory.dmp

    Filesize

    260KB

    Download

  • memory/2196-28-0x0000000000400000-0x0000000000441000-memory.dmp

    Filesize

    260KB

    Download

  • memory/2696-23-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/2696-5-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/2696-16-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/2696-33-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/2696-0-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/3304-21-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/3304-25-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/4044-15-0x0000000000400000-0x0000000000441000-memory.dmp

    Filesize

    260KB

    Download

  • memory/5008-26-0x0000000000400000-0x0000000000441000-memory.dmp

    Filesize

    260KB

    Download

  • memory/5008-35-0x0000000000400000-0x0000000000441000-memory.dmp

    Filesize

    260KB

    Download

  • memory/5008-43-0x0000000000400000-0x0000000000441000-memory.dmp

    Filesize

    260KB

    Download