Overview

overview

7

Static

static

7

07b828b4cf...19.exe

windows7-x64

7

07b828b4cf...19.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    185s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 23:56

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    07b828b4cf517a582e61e2f780a2b519.exe

  • Size

    579KB

  • MD5

    07b828b4cf517a582e61e2f780a2b519

  • SHA1

    feae07de2efc57dcf96b3e6afebb78af56ad17ee

  • SHA256

    37b29cfab42d10586803c93b5e6f86c77cad2914c57268f0dd553b67bd5ec799

  • SHA512

    2d5975056c8609314a5180f3175065b269e021a0464087eddfe4d4a5ab6fb70b577f7d2ff17107893929ac456b067b81e5b88de5520efee3ffc3dc9367cb6edc

  • SSDEEP

    12288:njkArEN249AyE/rbaMct4bO2/SDMHRH0IkEEJBPo7IAyUEX0s:EFE//Tct4bOsSDMxKEEJ+7IAlEZ

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 23 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • AutoIT Executable 21 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 51 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\07b828b4cf517a582e61e2f780a2b519.exe
    "C:\Users\Admin\AppData\Local\Temp\07b828b4cf517a582e61e2f780a2b519.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2680
    • C:\Documents and Settings\All Users\Application Data\Thunder Network\Thunder\Profiles\Profile.exe
      "C:\Documents and Settings\All Users\Application Data\Thunder Network\Thunder\Profiles\Profile.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2628
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1244
    • C:\Windows\system32\winlogon.exe
      winlogon.exe
      1⤵
        PID:420

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\ProgramData\Thunder Network\Thunder\Profiles\Profile.exe
              Filesize

              298KB

              MD5

              96e46199b9def60aab45b20767a2b8c2

              SHA1

              daa345722866e04026aae49324cc950f462f76ad

              SHA256

              10873cea1efc2d8152ba70e7af16e2c81521d4b5d6c17d02a1fbd1a56409bf85

              SHA512

              eada970c9cb24f5073e8401beaaaede2a704a1b8f1a6ea2ccb4142266c9717136eb8d2093eb95a2c84a06835735da158813fcf5307ecaedcf3194341a208a073

              Download Submit

            • memory/1244-15-0x0000000002980000-0x0000000002981000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2628-55-0x0000000000400000-0x00000000004B3000-memory.dmp

              Filesize

              716KB

              Download

            • memory/2628-24-0x0000000000400000-0x00000000004B3000-memory.dmp

              Filesize

              716KB

              Download

            • memory/2628-46-0x0000000000400000-0x00000000004B3000-memory.dmp

              Filesize

              716KB

              Download

            • memory/2628-19-0x0000000000400000-0x00000000004B3000-memory.dmp

              Filesize

              716KB

              Download

            • memory/2628-34-0x0000000000400000-0x00000000004B3000-memory.dmp

              Filesize

              716KB

              Download

            • memory/2628-22-0x0000000000400000-0x00000000004B3000-memory.dmp

              Filesize

              716KB

              Download

            • memory/2680-60-0x0000000000400000-0x00000000004B3000-memory.dmp

              Filesize

              716KB

              Download

            • memory/2680-47-0x0000000000400000-0x00000000004B3000-memory.dmp

              Filesize

              716KB

              Download

            • memory/2680-32-0x0000000000400000-0x00000000004B3000-memory.dmp

              Filesize

              716KB

              Download

            • memory/2680-33-0x0000000003A10000-0x0000000003AC3000-memory.dmp

              Filesize

              716KB

              Download

            • memory/2680-21-0x0000000000400000-0x00000000004B3000-memory.dmp

              Filesize

              716KB

              Download

            • memory/2680-35-0x0000000000400000-0x00000000004B3000-memory.dmp

              Filesize

              716KB

              Download

            • memory/2680-16-0x0000000003A10000-0x0000000003AC3000-memory.dmp

              Filesize

              716KB

              Download

            • memory/2680-17-0x0000000003A10000-0x0000000003AC3000-memory.dmp

              Filesize

              716KB

              Download

            • memory/2680-37-0x0000000000400000-0x00000000004B3000-memory.dmp

              Filesize

              716KB

              Download

            • memory/2680-23-0x0000000000400000-0x00000000004B3000-memory.dmp

              Filesize

              716KB

              Download

            • memory/2680-0-0x0000000000400000-0x00000000004B3000-memory.dmp

              Filesize

              716KB

              Download

            • memory/2680-56-0x0000000000400000-0x00000000004B3000-memory.dmp

              Filesize

              716KB

              Download

            • memory/2680-57-0x0000000000400000-0x00000000004B3000-memory.dmp

              Filesize

              716KB

              Download

            • memory/2680-58-0x0000000000400000-0x00000000004B3000-memory.dmp

              Filesize

              716KB

              Download

            • memory/2680-59-0x0000000000400000-0x00000000004B3000-memory.dmp

              Filesize

              716KB

              Download

            • memory/2680-45-0x0000000000400000-0x00000000004B3000-memory.dmp

              Filesize

              716KB

              Download

            • memory/2680-61-0x0000000000400000-0x00000000004B3000-memory.dmp

              Filesize

              716KB

              Download

            • memory/2680-62-0x0000000000400000-0x00000000004B3000-memory.dmp

              Filesize

              716KB

              Download

            • memory/2680-63-0x0000000000400000-0x00000000004B3000-memory.dmp

              Filesize

              716KB

              Download