5c6356f13b3967f1e04e2dc7af2c716dae27dbb91bee3b4e97ea712f58c3d2ba

Analysis

max time kernel
0s
max time network
145s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 23:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0692e0b37f0d86ae0ec70e8a2a4202e3.exe
Size

198KB
MD5

0692e0b37f0d86ae0ec70e8a2a4202e3
SHA1

46bacc82cb2b31bbf5d224fc3aa35f40b73c6f8f
SHA256

5c6356f13b3967f1e04e2dc7af2c716dae27dbb91bee3b4e97ea712f58c3d2ba
SHA512

27a777b6c1585d2f0b0d8a4fe662d3b622515a90f1858ffc477bc97e6811c988291e47521ec37cf0df24d76455b7deb4b6534aad8f651ecddb5b94f2cee5779a
SSDEEP

6144:cB83ztdtflr7HEFJrMhOhdPnPd9di/otxz8be:cBKlrcMhOh5l9dqotxzP

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2548-0-0x0000000000400000-0x000000000048A000-memory.dmp	upx
behavioral1/files/0x000a000000015f7a-11.dat	upx
behavioral1/memory/2996-16-0x0000000000400000-0x000000000048A000-memory.dmp	upx
behavioral1/memory/2548-12-0x0000000000400000-0x000000000048A000-memory.dmp	upx
behavioral1/files/0x000a000000015f7a-8.dat	upx
behavioral1/memory/2996-18-0x0000000000400000-0x000000000048A000-memory.dmp	upx

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\TTPlayer\TPlayer.exe	0692e0b37f0d86ae0ec70e8a2a4202e3.exe
File opened for modification	C:\Program Files\TTPlayer\TPlayer.exe	0692e0b37f0d86ae0ec70e8a2a4202e3.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\0692e0b37f0d86ae0ec70e8a2a4202e3.exe
"C:\Users\Admin\AppData\Local\Temp\0692e0b37f0d86ae0ec70e8a2a4202e3.exe"
1⤵
- Drops file in Program Files directory
PID:2548
- C:\Program Files\TTPlayer\TPlayer.exe
  "C:\Program Files\TTPlayer\TPlayer.exe"
  2⤵
  PID:2996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\TTPlayer\TPlayer.exe

Filesize
92KB

MD5
e768b45559f34b893f526a1ebcf8df22

SHA1
15df3b1fcf02cd79f55c68afd414ad0bbd8062f0

SHA256
82f7281a7890c5374cb7e158351a384fb675ed12adf71e012f1ddab0a6f33b2f

SHA512
5cdf45a01ef978601578e8c0dc59b392d54a1104ed28f7495a20fd1f9f8d7dc9fabaf58e10b15c47d2985ca8cec6d8286498bab987f87a7a95a9f9bff8d3bfff

Download Submit
C:\Program Files\TTPlayer\TPlayer.exe

Filesize
381KB

MD5
3c2bb532ca0722197a579213fc61f351

SHA1
6a3e539585b54e9fde564364b7dd433b4531d2e0

SHA256
ca8fe7e265b846b72be9dcffbe152c427d04cb154be0ffaa6ab2d06151cdc97e

SHA512
1d572545cca4e784e2297c03b62143b2febbe83bd94a6051e6e72293866e0f10e4eb7ba1d97c0dddfc8686390925bb9d1ca915361e343a3dc62191f2738f2b7d

Download Submit
memory/2548-1-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2548-0-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2548-13-0x0000000003C50000-0x0000000003CDA000-memory.dmp

Filesize
552KB

Download
memory/2548-12-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2996-17-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2996-16-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2996-18-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2996-20-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download