Analysis

  • max time kernel
    150s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30-12-2023 07:35

General

  • Target

    124a65d16c0f48ef7b94afd838415a10.exe

  • Size

    902KB

  • MD5

    124a65d16c0f48ef7b94afd838415a10

  • SHA1

    06771a4b250cff1e1ab5538fcc93855e24a6a0b5

  • SHA256

    22e5cba437553f13f7404f76e2f9473ab8cedde95b8e42ef9a3f2792ec4d7f32

  • SHA512

    c20a8a5a7cca0fad294c6aa4ccbe95c87b3c42ac13045d3cbfc26f3aa31bb4cc7d75978ef5d5481348e088c5373924a12dce9540376f4650c636ed5e99524ed0

  • SSDEEP

    12288:rbpHYUKy5U1bo9t8DMRSW9vbciUiLuAvOxMt11i27Qitjm:r5sJo6YrFUiyAak11Ltjm

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\124a65d16c0f48ef7b94afd838415a10.exe
    "C:\Users\Admin\AppData\Local\Temp\124a65d16c0f48ef7b94afd838415a10.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4892
    • \??\c:\Windows\svchest425075242507520.exe
      c:\Windows\svchest425075242507520.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:4852

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\svchest425075242507520.exe

    Filesize

    381KB

    MD5

    099c9e6b09a6685a9eb28bf7c4b82c9e

    SHA1

    c4e11b177b56e88824db420cda1cecca34060bf6

    SHA256

    0762c886c87ffe9c438d1aed8787688091140f312e6a7d125ee2abf6e314e3e2

    SHA512

    ee9d335455b8d4d71a46e961d570d45bb7ffe44cd6cb1c1f62d6c973826c6d6c2c08a89ad51f14fca1cf3be05d791bff5dbf7d4f69d461fad91116396b2aaf1d

  • C:\Windows\svchest425075242507520.exe

    Filesize

    92KB

    MD5

    caf00a50e1f5d03cdafa7e0bbde864d0

    SHA1

    f678e1645b4b69a1d7853709338aec13b00f784d

    SHA256

    e8ac9f7e0dc93bc44b31a6f1c221e5d19a4e15b2e6616c3e78e1bd1c98dd4c9c

    SHA512

    11ff5e7aed38e15bbb00fc94a00f13c4a7d6db088d7f708a7a787d981b024e77466d74b63611d6886decbc8ca9d15ddba446b3ecc38c1f7c95bae2103fb438e1

  • \??\c:\Windows\svchest425075242507520.exe

    Filesize

    137KB

    MD5

    f6e84e5e4f4cec078561e2e458965e9e

    SHA1

    85ec72c9bddb79fe2203eac683adfdbdf590c98f

    SHA256

    6980a29afb0605f98c78a220bf5044f825e38ad20c2316dab1907976901a3989

    SHA512

    d006f4e1763477c170ea3058f50898da97ae9c389d9fa4d75b52bbd24aedfb72091c18103538ddd472180da4c78342f1c6ea08ebeed0183cc07f5d29b1836bbe

  • memory/4852-10-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

  • memory/4852-12-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

  • memory/4892-0-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

  • memory/4892-1-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

  • memory/4892-13-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB