Overview

overview

7

Static

static

7

1f48f74761...11.exe

windows7-x64

7

1f48f74761...11.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    2s
  • max time network
    81s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 23:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1f48f7476196b627424e99bd12dd8411.exe

  • Size

    491KB

  • MD5

    1f48f7476196b627424e99bd12dd8411

  • SHA1

    0721699e3b0a6a3dea9aaa9204241f95e507a1c9

  • SHA256

    e18fe4e8ccd8ff75cdf5f1d3898cd619c6acf2962861330d68c20063348f91be

  • SHA512

    f9ad7cec7b8adf1780ea033f31794a5fe98fb2bc6f808b92a09dc7f73aeeab2f57fbe9815366247af3e25e0bf03bbcba94c891cda2263b997ed225b75fba2fb3

  • SSDEEP

    12288:nKoXeB05oIqEuTrYeCMcp2ieKlrOCN6dZwfiE9:nK2eB0OVrfYeCMpie2S3m

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f48f7476196b627424e99bd12dd8411.exe
    "C:\Users\Admin\AppData\Local\Temp\1f48f7476196b627424e99bd12dd8411.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1204
    • C:\Windows\SysWOW64\net.exe
      net stop rfwservice
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3128
    • C:\Windows\SysWOW64\net.exe
      net stop rfwproxysrv
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2324
    • C:\Windows\inf\winupgrade.exe
      "C:\Windows\inf\winupgrade.exe" /install /SILENT
      2⤵
        PID:4752
        • C:\Windows\ime\cache.exe
          "C:\Windows\ime\cache.exe" /RegServer
          3⤵
            PID:544
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c piaoyao.exe_deleteme.bat
          2⤵
            PID:4972
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 stop rfwservice
          1⤵
            PID:4456
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop rfwproxysrv
            1⤵
              PID:5092
            • C:\Windows\inf\winupgrade.exe
              C:\Windows\inf\winupgrade.exe
              1⤵
                PID:1748
                • C:\Windows\ime\cache.exe
                  "C:\Windows\ime\cache.exe" /RegServer
                  2⤵
                    PID:4460
                  • C:\Windows\ime\cache.exe
                    "C:\Windows\ime\cache.exe" /RegServer
                    2⤵
                      PID:4560
                    • C:\Windows\ime\cache.exe
                      "C:\Windows\ime\cache.exe" /RegServer
                      2⤵
                        PID:2584
                      • C:\Windows\ime\cache.exe
                        "C:\Windows\ime\cache.exe" /RegServer
                        2⤵
                          PID:4704
                        • C:\Windows\ime\cache.exe
                          "C:\Windows\ime\cache.exe" /RegServer
                          2⤵
                            PID:3372
                          • C:\Windows\ime\cache.exe
                            "C:\Windows\ime\cache.exe" /RegServer
                            2⤵
                              PID:3100
                            • C:\Windows\ime\cache.exe
                              "C:\Windows\ime\cache.exe" /RegServer
                              2⤵
                                PID:1468
                            • C:\Windows\IME\cache.exe
                              C:\Windows\IME\cache.exe -Embedding
                              1⤵
                                PID:3764

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Windows\IME\cache.exe
                                Filesize

                                9KB

                                MD5

                                c8bd0a07ec8c746d04e318a3d63861dd

                                SHA1

                                550992b37ad00f28f2cd83f026847e117a654bc7

                                SHA256

                                9c20853aed9ae250eba50a2b18bafac02f6e83e5160f87819add0f0636dbccad

                                SHA512

                                f4111d2010635f647f4f5230b8c2868f43fe95b6c5ea63d937e54ac689b69afef858c45fff4d3fe7823725cc8575ac99bf32cee4f0963031f73cb68575d8d052

                                Download Submit

                              • C:\Windows\INF\winupgrade.exe
                                Filesize

                                4KB

                                MD5

                                ea826af4f01e6f4f050cec3c63146948

                                SHA1

                                b2c55b3722624eea176c3c7b5a7380fdea2e87cf

                                SHA256

                                b9b59a6835be53af539851830a4347afe53f7f33e3436515e59381863940d13e

                                SHA512

                                6292dce3e48173624d6ed803f6e362d95038cb8bb1e5e77f9901e48849ee752aff1bd3c9fcc341f12e5046cd4e00f025047f1af9184ee2d5a4138e8a9100ab02

                                Download Submit

                              • C:\Windows\INF\winupgrade.exe
                                Filesize

                                32KB

                                MD5

                                a0ad265d76eca09e2308dd86dfc4d50c

                                SHA1

                                72d8e73c3e022b89f0c22f5fe7908aac12a7b34c

                                SHA256

                                bf9cafd4a6fb3ac7deb6703d1be8af31a88ed000491cf5f380b5280b5fd1bb0b

                                SHA512

                                d6b15bcc13be439025aaff91161dd579b1a062afa92b9ada91572e77a8ebdbcb86f5868bd38372c4faf5da485b432d0016ea714867f4663b4149351b9c471968

                                Download Submit

                              • memory/544-70-0x0000000000400000-0x0000000000497000-memory.dmp

                                Filesize

                                604KB

                                Download

                              • memory/544-69-0x0000000000760000-0x0000000000761000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/1204-109-0x0000000000400000-0x000000000055E000-memory.dmp

                                Filesize

                                1.4MB

                                Download

                              • memory/1204-0-0x0000000000400000-0x000000000055E000-memory.dmp

                                Filesize

                                1.4MB

                                Download

                              • memory/1468-198-0x0000000000400000-0x0000000000497000-memory.dmp

                                Filesize

                                604KB

                                Download

                              • memory/1748-204-0x0000000000400000-0x0000000000545000-memory.dmp

                                Filesize

                                1.3MB

                                Download

                              • memory/1748-123-0x0000000000400000-0x0000000000545000-memory.dmp

                                Filesize

                                1.3MB

                                Download

                              • memory/1748-202-0x0000000000400000-0x0000000000545000-memory.dmp

                                Filesize

                                1.3MB

                                Download

                              • memory/1748-199-0x0000000000400000-0x0000000000545000-memory.dmp

                                Filesize

                                1.3MB

                                Download

                              • memory/1748-163-0x0000000000400000-0x0000000000545000-memory.dmp

                                Filesize

                                1.3MB

                                Download

                              • memory/1748-125-0x0000000000400000-0x0000000000545000-memory.dmp

                                Filesize

                                1.3MB

                                Download

                              • memory/1748-74-0x00000000006D0000-0x00000000006D1000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/1748-205-0x0000000000400000-0x0000000000545000-memory.dmp

                                Filesize

                                1.3MB

                                Download

                              • memory/1748-207-0x0000000000400000-0x0000000000545000-memory.dmp

                                Filesize

                                1.3MB

                                Download

                              • memory/2584-115-0x0000000000500000-0x0000000000501000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/2584-114-0x0000000000400000-0x0000000000497000-memory.dmp

                                Filesize

                                604KB

                                Download

                              • memory/3100-161-0x0000000000400000-0x0000000000497000-memory.dmp

                                Filesize

                                604KB

                                Download

                              • memory/3372-107-0x00000000005E0000-0x00000000005E1000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/3372-108-0x0000000000400000-0x0000000000497000-memory.dmp

                                Filesize

                                604KB

                                Download

                              • memory/3764-127-0x0000000000400000-0x0000000000497000-memory.dmp

                                Filesize

                                604KB

                                Download

                              • memory/3764-126-0x0000000000720000-0x0000000000721000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/4460-121-0x0000000000610000-0x0000000000611000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/4460-162-0x0000000000610000-0x0000000000611000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/4460-120-0x0000000000400000-0x0000000000497000-memory.dmp

                                Filesize

                                604KB

                                Download

                              • memory/4560-117-0x00000000005D0000-0x00000000005D1000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/4560-118-0x0000000000400000-0x0000000000497000-memory.dmp

                                Filesize

                                604KB

                                Download

                              • memory/4704-112-0x0000000000620000-0x0000000000621000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/4704-113-0x0000000000400000-0x0000000000497000-memory.dmp

                                Filesize

                                604KB

                                Download

                              • memory/4752-68-0x0000000000400000-0x0000000000545000-memory.dmp

                                Filesize

                                1.3MB

                                Download

                              • memory/4752-36-0x0000000000620000-0x0000000000621000-memory.dmp

                                Filesize

                                4KB

                                Download