Overview

overview

7

Static

static

3

1a8894a8f3...e8.exe

windows7-x64

7

1a8894a8f3...e8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 13:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1a8894a8f3878409a159a4db60910ae8.exe

  • Size

    214KB

  • MD5

    1a8894a8f3878409a159a4db60910ae8

  • SHA1

    65442414f42389a50a433fd52e3d86d7183f3202

  • SHA256

    d47dc46323604c7164ea6c7ddff3b5ab4da9270ed0a5161c1cfaafbd02da4d6a

  • SHA512

    e7e5c6d777f2d924571b8510a499e1fc7cd66a349d49658b9acc12044e5775221e4a32678fde9e2a047d392aa960db30587f3ba62bb3038e44a704e17196a733

  • SSDEEP

    3072:vEoB+tB6/X1zqoHLsnEtf/pp3qmv1JJGd/AYKW1qW:AvYWSLzf/pp6mv70L1q

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 15 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1a8894a8f3878409a159a4db60910ae8.exe
    "C:\Users\Admin\AppData\Local\Temp\1a8894a8f3878409a159a4db60910ae8.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Windows\msa.exe
      C:\Windows\msa.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      PID:2860

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    Filesize

    344B

    MD5

    0d1d9be2261601b9906dbba85a2e14af

    SHA1

    ebc332dd13abcdf30fbe31ce94465d0f56ed97fc

    SHA256

    78e68c4fd77e344d4a55a5f904e42ab73af33b4926a4f778ef0f79bb2cd798fe

    SHA512

    89b0891384898cb5f6cd6540a0077a22deccf03eba4e523ae707750f3b9575540f7cbe696586c6f9d2d7dd6c8f5565bf2f5de8ae509bf6a66b8b44ce7da51546

    Download Submit

  • C:\Windows\msa.exe
    Filesize

    214KB

    MD5

    1a8894a8f3878409a159a4db60910ae8

    SHA1

    65442414f42389a50a433fd52e3d86d7183f3202

    SHA256

    d47dc46323604c7164ea6c7ddff3b5ab4da9270ed0a5161c1cfaafbd02da4d6a

    SHA512

    e7e5c6d777f2d924571b8510a499e1fc7cd66a349d49658b9acc12044e5775221e4a32678fde9e2a047d392aa960db30587f3ba62bb3038e44a704e17196a733

    Download Submit

  • memory/2232-28693-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2232-2-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2232-0-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2232-6063-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2860-38537-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2860-21383-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2860-11-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2860-38538-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2860-38540-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2860-38541-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2860-38542-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2860-38543-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2860-38544-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2860-38546-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2860-38547-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2860-38548-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download