Overview

overview

8

Static

static

7

6734b1dc1d...64.exe

windows7-x64

8

6734b1dc1d...64.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    141s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/12/2023, 10:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6734b1dc1d53b26243be7c8f4d357064.exe

  • Size

    12.7MB

  • MD5

    6734b1dc1d53b26243be7c8f4d357064

  • SHA1

    720f4501412a4e03eea4debc336b952da11670b1

  • SHA256

    bcdd1ebc6ebb33006c866108310cd2b879068c5b2dcafbd04bf6c132ae6909d3

  • SHA512

    43fd179939152254b8002c4da4d1df923b81c959b41cf614bb51019b31d843e41f40e6a9093663d35f53baea9d143e515ab52d1ba45ab22661653b9472e60a37

  • SSDEEP

    196608:jjBxcO4jj0h1Ldz7k1HjBxcO4jj0h1Ldz7k1U+:zhvLdz7+hvLdz7L+

Score
8/10
persistenceupx

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 7 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Program crash 1 IoCs
  • NTFS ADS 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6734b1dc1d53b26243be7c8f4d357064.exe
    "C:\Users\Admin\AppData\Local\Temp\6734b1dc1d53b26243be7c8f4d357064.exe"
    1⤵
    • Drops file in Drivers directory
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    PID:4680
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 3016
      2⤵
      • Program crash
      PID:876
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4680 -ip 4680
    1⤵
      PID:3616

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\wkw4D2.tmp
      Filesize

      2.0MB

      MD5

      7123ff5a4f2f11108a22e6d04e0fadac

      SHA1

      ab0550874bb70d26dd8835a91350ae3b4d52c3e6

      SHA256

      874dce059ca34f558daece7c165f76a770fb8783fe3a6d197f75f1c74e0513af

      SHA512

      c43994f560f757fbd93ba9846febfa62356fc57248f88fb0004786de63d23646446abbf2b48df83f6657f81164f20ed7f6b93412a056e2e07aa1b2f373f2b874

      Download Submit

    • memory/4680-0-0x0000000000400000-0x0000000000450000-memory.dmp

      Filesize

      320KB

      Download

    • memory/4680-522-0x0000000000400000-0x0000000000450000-memory.dmp

      Filesize

      320KB

      Download