e17bc4973747741100b3c9b73e8379f025d4b88814411ec06fef6f15f386620c

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 06:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

59613e377a384de2c4c715b260c7bc34.exe
Size

358KB
MD5

59613e377a384de2c4c715b260c7bc34
SHA1

884fd1bf5bfcc8951a672722b83cfbaef42edd1d
SHA256

e17bc4973747741100b3c9b73e8379f025d4b88814411ec06fef6f15f386620c
SHA512

019c812d1c1c0a42be1dbe342c55edb8fda401cca785f42c5b5b783b94b8dc4535d69731c88f926fff32c8566fc727da902ed47e0df174e888189cb1a8683c86
SSDEEP

6144:nl8KWs/bWq+nR6xtEstSlckJ4OUSccLU4968TI+RjoSG9:nl837cCHJrccvZPRjoSG9

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2028-0-0x0000000000400000-0x000000000050C000-memory.dmp	upx
behavioral1/memory/2028-11-0x0000000000400000-0x000000000050C000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2028	59613e377a384de2c4c715b260c7bc34.exe
2028	59613e377a384de2c4c715b260c7bc34.exe

C:\Users\Admin\AppData\Local\Temp\59613e377a384de2c4c715b260c7bc34.exe
"C:\Users\Admin\AppData\Local\Temp\59613e377a384de2c4c715b260c7bc34.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\GetRightToGo\59613e377a384de2c4c715b260c7bc34.data

Filesize
1KB

MD5
798417c71300609d461a3e801ef9e8cb

SHA1
7c4872a5fb8626afba8ace089220e90ea38a4f1f

SHA256
0bb4c82a920080f18cb8d650f38e2ec1603b05a047993e9cacd501b3d5eeb965

SHA512
1a7d464c05f835a5d9d2e010002674d31a2016c7f889d3fbeb2c14c1039e85c05f9337a329879f04185a57f2e07fc57e533d6ccc31bc9a6c78a8c9ac002872d8

Download Submit
memory/2028-0-0x0000000000400000-0x000000000050C000-memory.dmp

Filesize
1.0MB

Download
memory/2028-11-0x0000000000400000-0x000000000050C000-memory.dmp

Filesize
1.0MB

Download