Analysis

  • max time kernel
    140s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/12/2023, 20:53

General

  • Target

    03b57d524ee4f6c57e6acea379e9dee1.exe

  • Size

    7KB

  • MD5

    03b57d524ee4f6c57e6acea379e9dee1

  • SHA1

    e687688f40ca520125d40e20e9995fe0bbf82b6a

  • SHA256

    5242e38434f3e5b05e838946abd72fe883ed534d44c013eb1b8123a0717e5274

  • SHA512

    bf805d945cbebf35fa1b6a84fddbfb32199b79178164475a6c70f29488f16d529f0f85b09d048ec9b430aeecfd08ea628811b83bfca542e684f932ae54ffb4fb

  • SSDEEP

    96:l73kw4RZpXD7LmS4Xrc3je3cZzrRHiSkZRP1W4mVQVBGhG3IsnKc9:lTqRZN/LJWYTA1zREQ37L

Score
8/10

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\03b57d524ee4f6c57e6acea379e9dee1.exe
    "C:\Users\Admin\AppData\Local\Temp\03b57d524ee4f6c57e6acea379e9dee1.exe"
    1⤵
    • Adds policy Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2892
    • C:\Windows\SysWOW64\ctfmon.exe
      ctfmon.exe
      2⤵
        PID:2996

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/2892-0-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

  • memory/2892-1-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB