Overview

overview

7

Static

static

1

004db77371...df.exe

windows7-x64

7

004db77371...df.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    12s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29-12-2023 18:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    004db7737105ea6bd66fa0f54a3a93df.exe

  • Size

    101KB

  • MD5

    004db7737105ea6bd66fa0f54a3a93df

  • SHA1

    829b87387ecbec21fbf1ba70cf22e655e4810ed6

  • SHA256

    18cf498cc68fafb22321be2d377408448adf3cd0938bfba6868e7eb3476eea50

  • SHA512

    6bc9afdf9a4077d022458dd0d15d0a2387dc1e48c6328fe7a1538d3ce3ed0e21f5ac9adb7a612266084807fa520c08f56f05488bec927ff90e80e25a5f5fa142

  • SSDEEP

    3072:AXZPXXU/kR5ZYQz8wh36E1vCP2LuogmnaHGhN:GZPn5pXhKE29oL1

Score
7/10
persistenceupx

Malware Config

Signatures

  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\004db7737105ea6bd66fa0f54a3a93df.exe
    "C:\Users\Admin\AppData\Local\Temp\004db7737105ea6bd66fa0f54a3a93df.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2200
    • C:\Users\Admin\AppData\Roaming\xjbjammluxuuthzr1b1bxwkwv2lmpnnz2\svcnost.exe
      "C:\Users\Admin\AppData\Roaming\xjbjammluxuuthzr1b1bxwkwv2lmpnnz2\svcnost.exe"
      2⤵
        PID:2284

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Users\Admin\AppData\Roaming\desktop.ini
      Filesize

      9KB

      MD5

      4a27242b307c6a836993353035fafc16

      SHA1

      5fea7a41b8f9071848108015d8a952e6f944eea0

      SHA256

      02fd93f64bda51e1e2991184cac13f077d509712e462c9e44be9cf8e22c06de1

      SHA512

      35e9c87642b82df2bf0a9312bb0e9abfb98282db1e34032a4d0150d82c5e2f2e13150ddc896f1e954f02288a1e696a4306ee595b94b1e404c6ec17bac64c44be

      Download Submit

    • \Users\Admin\AppData\Roaming\ntuser.dat
      Filesize

      54KB

      MD5

      7e8e966927e04a35aec644602b8a9e05

      SHA1

      d201b0b41e8701818d60ddbf9f334332a512c4da

      SHA256

      46f18d9fbf63f378d86962cbf24f5ce57ce257555acd4effdcc41c1e2f1adf5c

      SHA512

      246777c79129a5076b71ca5d3f7e59b06d344f6b5e771892ae8ee68c0b5af9207cd1868b1336b49e6a84665309ad379a33ec6c8e72d7ce41de72153637921a51

      Download Submit

    • memory/2200-3-0x0000000000400000-0x0000000000462000-memory.dmp

      Filesize

      392KB

      Download

    • memory/2200-1-0x0000000000340000-0x00000000003A2000-memory.dmp

      Filesize

      392KB

      Download

    • memory/2200-5-0x0000000000400000-0x0000000000462000-memory.dmp

      Filesize

      392KB

      Download

    • memory/2200-6-0x0000000000340000-0x00000000003A2000-memory.dmp

      Filesize

      392KB

      Download

    • memory/2200-0-0x0000000000250000-0x00000000002B2000-memory.dmp

      Filesize

      392KB

      Download

    • memory/2284-9-0x0000000000350000-0x00000000003B2000-memory.dmp

      Filesize

      392KB

      Download

    • memory/2284-10-0x0000000000400000-0x0000000000462000-memory.dmp

      Filesize

      392KB

      Download

    • memory/2284-12-0x00000000003D0000-0x00000000003ED000-memory.dmp

      Filesize

      116KB

      Download

    • memory/2284-8-0x00000000002E0000-0x0000000000342000-memory.dmp

      Filesize

      392KB

      Download

    • memory/2284-7-0x0000000000400000-0x0000000000462000-memory.dmp

      Filesize

      392KB

      Download

    • memory/2284-22-0x0000000000400000-0x0000000000462000-memory.dmp

      Filesize

      392KB

      Download

    • memory/2284-23-0x00000000003D0000-0x00000000003ED000-memory.dmp

      Filesize

      116KB

      Download