Overview

overview

7

Static

static

7

7aa7ce513e...18.exe

windows7-x64

7

7aa7ce513e...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-12-2023 11:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7aa7ce513e6ce2b2c9a68ee2d72370e2f10180f5f92a64e4ec0020ef17bf2018.exe

  • Size

    536KB

  • MD5

    6c7520b4d54c43c3413f3d345438016c

  • SHA1

    25ed57f64c95657be83dfe490479726f3a31eafe

  • SHA256

    7aa7ce513e6ce2b2c9a68ee2d72370e2f10180f5f92a64e4ec0020ef17bf2018

  • SHA512

    e5f413da63dc5e32f617eb896b123d48c2e17f877c1dd362f782a73fa4d64e9c9e3bedc5b4007246bcfef326d8d4e7a1ef9e223a699ed533ddfff8462b9f05fb

  • SSDEEP

    12288:ghf0Bs9bDDq9huzJgIJzgXaEw9Stu/aB9a/Okx2LIa:gdQyDLzJTveuK0/Okx2LF

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unexpected DNS network traffic destination 4 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7aa7ce513e6ce2b2c9a68ee2d72370e2f10180f5f92a64e4ec0020ef17bf2018.exe
    "C:\Users\Admin\AppData\Local\Temp\7aa7ce513e6ce2b2c9a68ee2d72370e2f10180f5f92a64e4ec0020ef17bf2018.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5072
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046
    Filesize

    1KB

    MD5

    a1f04d597102dcff7d4a7d15e7669f95

    SHA1

    0c2cb6fcc09da00eafe14ca5500b6da0b1c639a3

    SHA256

    3fe2dd34fffba51db94882aa52161da94cd2648057ad19b68606221b59d9c42f

    SHA512

    e0dca116d5b6d0d1c1899f34fc4187910daf9bc8b6583265861385e0d6d3237c1eb98eda2432d6993bf9f167425fea08f5a6c835d78508ca6412eb67ae82eb57

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\81B9B36F9ABC4DA631A4713EE66FAEC6_D440AC65793A7BBE167BE882B99F465E
    Filesize

    272B

    MD5

    a766c7e96b9842670244c8c55ce490aa

    SHA1

    89d2952d594953107b57ff39a4a5c9489775769e

    SHA256

    6860c8a5925e74a8dc6f904cb53f92a932febaa05d46a865692f537fd0a9002e

    SHA512

    a4ca9f44d6743592a46714c077ca32628718cb74daa2cc771d882e5642f2fe959fd2677f41eedf08cd0ccbaea85e87864085359a2f2d07f02182579411d38ba3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046
    Filesize

    502B

    MD5

    dbe03add74b036f6e98a0c6b7ff5b763

    SHA1

    2364b7f307de906231324dba2b69e6acf15f0cdb

    SHA256

    a6639a4a0b055644a8a7f999327981a5f4364213f6b0036ed05ac10ae33e2ebb

    SHA512

    071f0e30b2f1f56768e5a3178469750233eaddf48aba4b55a832d9da6509abcbba36a1af51f2e059a2d56abbb4945c8ec8a3a8b87403a579cc51742f84fe9633

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\81B9B36F9ABC4DA631A4713EE66FAEC6_D440AC65793A7BBE167BE882B99F465E
    Filesize

    520B

    MD5

    cdc4e12922f135e0597e1db3f0a71f40

    SHA1

    9e5fbe7fbcd9e001e65e7646c3a421b3040d8c88

    SHA256

    24ce607d0f3d610879b8283c4679a1daab0f2587739558e2f5b46576276f5fbc

    SHA512

    c376883216aefe5376419398bf152898d4829ef211c1a66401eea11525043aee01c3d6fa653c279e36afe4d266516ec1ab987afc38fda2e7e5e79076e7ffc450

    Download Submit

  • C:\Windows\56d5a0
    Filesize

    4KB

    MD5

    07fa7191e1379473c28ad3313a29612e

    SHA1

    bebff6a23e8c5657c7e4c1b4b691b58d88fe43fc

    SHA256

    9c809a6c7112b8f6669615afff4f4423eb532a92d81fd4ef4e2effcd287ac3cc

    SHA512

    f848a9b2f90bd0a30fe3a5d7964e5e9a08f7f14a6aea1d8ea0d30b5acd8679524f0539b45516dddf7be1b1249d206905f342a1c13096576266342eb74988afb5

    Download Submit

  • memory/3348-3-0x0000000002B20000-0x0000000002B23000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3348-15-0x0000000002EA0000-0x0000000002F19000-memory.dmp

    Filesize

    484KB

    Download

  • memory/3348-4-0x0000000002EA0000-0x0000000002F19000-memory.dmp

    Filesize

    484KB

    Download

  • memory/3348-5-0x0000000002B20000-0x0000000002B23000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3348-6-0x0000000002EA0000-0x0000000002F19000-memory.dmp

    Filesize

    484KB

    Download

  • memory/5072-13-0x0000000000F20000-0x0000000001022000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/5072-0-0x0000000000F20000-0x0000000001022000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/5072-24-0x0000000000F20000-0x0000000001022000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/5072-27-0x0000000000F20000-0x0000000001022000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/5072-39-0x0000000000F20000-0x0000000001022000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/5072-63-0x0000000000F20000-0x0000000001022000-memory.dmp

    Filesize

    1.0MB

    Download