Analysis

  • max time kernel
    149s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20231215-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    30-12-2023 10:20

General

  • Target

    15b715bf7cb44cc2ab74e1b09fa92175.exe

  • Size

    443KB

  • MD5

    15b715bf7cb44cc2ab74e1b09fa92175

  • SHA1

    027e2b1aa090e4ed2e0b3eade51bc36563268148

  • SHA256

    241c1b9d35a01c5566921df594690f26b1b368bd34208ad7374df3767c9662b7

  • SHA512

    275364676f9fcb35215b85847d182f36f6777ccd6c12026ef4e316059346a27573a03c7c9ba4d5d8d2afd2736b4735ecc4df4b5b2dddfe99c25d2b5d841e477e

  • SSDEEP

    12288:YLgzNdagGlAkn0k+9/TvFuRgcHuYtsrAHyqsN:Y8zNog+0k+TgHNtSAY

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
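
The "UPX packed file" signature above is a static check on the PE image: stock UPX leaves sections named UPX0/UPX1 (UPX0 has SizeOfRawData 0 and a large VirtualSize because it is only the in-memory unpacking destination) and a "UPX!" magic in its pack header, while a modified UPX often renames the sections but keeps the layout. The following is an added example, not code from the sandbox or from this report, that parses the section table of a PE file and scores those indicators. The header-only PE images it builds are constructed fixtures for testing the parser; they are not the sample's bytes.

```python
import struct


def build_minimal_pe(sections, trailer=b""):
    """Constructed test fixture: a header-only PE32 image (not executable) with the
    given (name, VirtualSize, SizeOfRawData) section entries plus `trailer` bytes."""
    e_lfanew = 0x40
    dos = b"MZ".ljust(0x3C, b"\x00") + struct.pack("<I", e_lfanew)  # 64 bytes
    size_opt = 0xE0  # PE32 optional header size
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(size_opt, b"\x00")  # PE32 magic, rest zeroed
    table = b""
    for name, vsize, rawsize in sections:
        table += name.encode("ascii")[:8].ljust(8, b"\x00")
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, relocs, linenums,
        # NumberOfRelocations, NumberOfLinenumbers, Characteristics
        table += struct.pack("<IIIIIIHHI", vsize, 0x1000, rawsize, 0x400, 0, 0, 0, 0, 0xE0000020)
    return dos + b"PE\x00\x00" + coff + opt + table + trailer


def pe_sections(data):
    """Return [(name, VirtualSize, SizeOfRawData)] read from the PE section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (nsec,) = struct.unpack_from("<H", data, coff + 2)
    (size_opt,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + size_opt  # section headers follow the optional header
    out = []
    for i in range(nsec):
        off = table + i * 40  # sizeof(IMAGE_SECTION_HEADER)
        name = data[off:off + 8].rstrip(b"\x00").decode("ascii", "replace")
        vsize, _va, rawsize = struct.unpack_from("<III", data, off + 8)
        out.append((name, vsize, rawsize))
    return out


def upx_indicators(data):
    """Heuristics that together approximate the sandbox's 'UPX packed file' signature."""
    secs = pe_sections(data)
    reasons = []
    if any(n.upper().startswith("UPX") for n, _, _ in secs):
        reasons.append("section named UPX*")
    # Stock UPX: UPX0 is empty on disk but large in memory, UPX1 holds the compressed
    # payload. A renamed (modified UPX) build usually keeps this shape.
    if len(secs) >= 2 and secs[0][2] == 0 and secs[0][1] > 0 and secs[1][2] > 0:
        reasons.append("first section has SizeOfRawData 0 (unpacking destination)")
    if b"UPX!" in data:
        reasons.append("'UPX!' pack-header magic present")
    return reasons


def is_upx_packed(data, min_hits=2):
    """Require two independent indicators; a lone raw-size-0 section is too weak."""
    return len(upx_indicators(data)) >= min_hits


if __name__ == "__main__":
    # Constructed fixtures: stock UPX layout, renamed-section UPX, and an unpacked build.
    stock = build_minimal_pe([("UPX0", 0x70000, 0), ("UPX1", 0x30000, 0x2F000),
                              (".rsrc", 0x1000, 0x400)], b"UPX!")
    renamed = build_minimal_pe([(".text", 0x70000, 0), (".data", 0x30000, 0x2F000),
                                (".rsrc", 0x1000, 0x400)], b"UPX!")
    plain = build_minimal_pe([(".text", 0x1000, 0x1000), (".data", 0x1000, 0x200),
                              (".rsrc", 0x1000, 0x400)])
    for label, blob in (("stock", stock), ("renamed", renamed), ("plain", plain)):
        print(label, is_upx_packed(blob), upx_indicators(blob))
```

For a real file, pass `open(path, "rb").read()` to `upx_indicators`. A stock build can be restored with `upx -d`; a modified one usually cannot, in which case the memory dumps listed under Downloads (the 0x400000-0x4C2000 region of both PIDs) are the place to look for the unpacked image.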

Processes

  • C:\Users\Admin\AppData\Local\Temp\15b715bf7cb44cc2ab74e1b09fa92175.exe
    "C:\Users\Admin\AppData\Local\Temp\15b715bf7cb44cc2ab74e1b09fa92175.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\ProgramData\lP39200EbPlB39200\lP39200EbPlB39200.exe
      "C:\ProgramData\lP39200EbPlB39200\lP39200EbPlB39200.exe" "C:\Users\Admin\AppData\Local\Temp\15b715bf7cb44cc2ab74e1b09fa92175.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:3448
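
The process tree above shows the classic self-relocation chain: the sample in the user's Temp directory drops a copy to C:\ProgramData\<name>\<name>.exe, launches it with its own original path as the only argument, and the copy then deletes the original and adds a Run key. The following is an added example, not part of the sandbox report, of detection logic for that chain run over constructed Sysmon-style events (event ID 1 process creation, event ID 13 registry value set). The field names follow Sysmon's schema; the SID, the Run value name and the benign contrast events are assumptions, not data from the report.

```python
import re
from pathlib import PureWindowsPath

ARG_RE = re.compile(r'"([^"]*)"|(\S+)')
TEMP_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
PROGRAMDATA_RE = re.compile(r"^[a-z]:\\programdata\\([^\\]+)\\([^\\]+)$", re.I)
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run\\[^\\]+$", re.I)

ORIG = r"C:\Users\Admin\AppData\Local\Temp\15b715bf7cb44cc2ab74e1b09fa92175.exe"
COPY = r"C:\ProgramData\lP39200EbPlB39200\lP39200EbPlB39200.exe"

# Constructed events modelled on the report's process tree (Sysmon field names assumed).
EVENTS = [
    {"EventID": 1, "ProcessId": 2044, "Image": ORIG, "CommandLine": f'"{ORIG}"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "ProcessId": 3448, "Image": COPY, "CommandLine": f'"{COPY}" "{ORIG}"',
     "ParentImage": ORIG},
    {"EventID": 13, "ProcessId": 3448, "Image": COPY,
     "TargetObject": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\lP39200EbPlB39200",
     "Details": COPY},
    # Benign contrast (constructed): an installer in Temp starting a ProgramData helper
    # without passing its own path, and a normal Run value pointing outside ProgramData.
    {"EventID": 1, "ProcessId": 5100, "Image": r"C:\ProgramData\ExampleVendor\updater.exe",
     "CommandLine": r'"C:\ProgramData\ExampleVendor\updater.exe" /silent',
     "ParentImage": r"C:\Users\Admin\AppData\Local\Temp\setup.exe"},
    {"EventID": 13, "ProcessId": 5100, "Image": r"C:\ProgramData\ExampleVendor\updater.exe",
     "TargetObject": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r'"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'},
]


def split_cmdline(cmdline):
    """Minimal Windows command-line tokenizer: quoted or whitespace-separated tokens."""
    return [q or p for q, p in ARG_RE.findall(cmdline)]


def norm(path):
    return str(PureWindowsPath(path))


def detect_self_relocation(ev):
    """Child under C:\\ProgramData\\<dir>\\<exe>, parent under a user's Temp, and the
    parent's own path passed as an argument (what the copy needs to delete it)."""
    if ev.get("EventID") != 1:
        return None
    image, parent = norm(ev["Image"]), norm(ev.get("ParentImage", ""))
    m = PROGRAMDATA_RE.match(image)
    if not m or not TEMP_RE.match(parent):
        return None
    args = [norm(a) for a in split_cmdline(ev.get("CommandLine", ""))[1:]]
    if not any(a.lower() == parent.lower() for a in args):
        return None
    reasons = ["ProgramData child launched from Temp with parent path as argument"]
    if m.group(1).lower() == PureWindowsPath(image).stem.lower():
        reasons.append("directory name equals executable stem")
    return {"rule": "self_relocation", "pid": ev["ProcessId"], "image": image, "reasons": reasons}


def detect_run_key_to_programdata(ev):
    """Run value whose target executable lives in a direct subdirectory of ProgramData."""
    if ev.get("EventID") != 13 or not RUN_KEY_RE.search(ev.get("TargetObject", "")):
        return None
    tokens = split_cmdline(ev.get("Details", ""))
    target = norm(tokens[0]) if tokens else ""
    if not PROGRAMDATA_RE.match(target):
        return None
    return {"rule": "run_key_programdata", "pid": ev["ProcessId"], "image": norm(ev["Image"]),
            "value": ev["TargetObject"], "target": target}


def analyse(events):
    """Return (findings, pids) where pids fired both rules, the high-confidence chain."""
    findings = []
    for ev in events:
        for rule in (detect_self_relocation, detect_run_key_to_programdata):
            hit = rule(ev)
            if hit:
                findings.append(hit)
    by_pid = {}
    for f in findings:
        by_pid.setdefault(f["pid"], set()).add(f["rule"])
    chains = sorted(pid for pid, rules in by_pid.items()
                    if {"self_relocation", "run_key_programdata"} <= rules)
    return findings, chains


if __name__ == "__main__":
    findings, chains = analyse(EVENTS)
    for f in findings:
        print(f)
    print("chain PIDs:", chains)
```

Either rule alone is noisy (installers do stage helpers under ProgramData); the correlation on the same process ID is what turns the two weak signals into the pattern this report shows.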

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\lP39200EbPlB39200\lP39200EbPlB39200.exe
    Filesize

    382KB

    MD5

    1f18f3951513756032f3b9f98547bbfb

    SHA1

    6ff1bea0aa9539b66ad5e8ee944e15d6853f3d5b

    SHA256

    391d2efb380f4ef3efb3ffe94a6444a02a79bc01280c1abca176e4e3e3322a6a

    SHA512

    550d24f1062acb674aef1efdae80d5e3aa025d2104daa9e2f6bf6e2d2800598aadc901f58105cfece408d67e1e5d82c4927139e775422e56a9d0968ed46a36a6

  • C:\ProgramData\lP39200EbPlB39200\lP39200EbPlB39200.exe
    Filesize

    118KB

    MD5

    c742ca77638ee97aa0077998b5107f7a

    SHA1

    76096945f668d076a43d7bf03352d69612a31989

    SHA256

    30c91b8113d2c772a308e45d59d8e37b1275390df8434c4c40ebc5c56755fa41

    SHA512

    bae9e67436f1e4b8ae2b14c3544832d7c2bc0196aab7e8e5a717c87bb04dd0c56ac554d0bc6732c2e094a7b71b43eca67297ed7a1c08ca5ffdd5f8116045ad17

  • memory/2044-1-0x0000000000400000-0x00000000004C2000-memory.dmp
    Filesize

    776KB

  • memory/2044-2-0x00000000007A0000-0x00000000008A0000-memory.dmp
    Filesize

    1024KB

  • memory/2044-14-0x0000000000400000-0x00000000004C2000-memory.dmp
    Filesize

    776KB

  • memory/3448-17-0x0000000000760000-0x0000000000860000-memory.dmp
    Filesize

    1024KB

  • memory/3448-16-0x0000000000400000-0x00000000004C2000-memory.dmp
    Filesize

    776KB

  • memory/3448-25-0x0000000000400000-0x00000000004C2000-memory.dmp
    Filesize

    776KB

  • memory/3448-27-0x0000000000760000-0x0000000000860000-memory.dmp
    Filesize

    1024KB

  • memory/3448-33-0x0000000000400000-0x00000000004C2000-memory.dmp
    Filesize

    776KB