Overview

overview

7

Static

static

1

21a9a48607...fe.exe

windows7-x64

7

21a9a48607...fe.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    1s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2023 00:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    21a9a48607013f66a812fd59c31c7afe.exe

  • Size

    655KB

  • MD5

    21a9a48607013f66a812fd59c31c7afe

  • SHA1

    29ad2ac088ab0abea1fe4a96f069f7c73fe3d472

  • SHA256

    211a7146bb1be7a59528ac7b9cc62e860d9be8536fe3f9931825899c5eff3666

  • SHA512

    f0ffa48d79f9300abc73343fdda39e224f4ea3349ee780dd22d7ab4b58ccfedf206f210bcd0f16a66ea0e0df2d350ac4ed6bf3830875c000939a54d53b137495

  • SSDEEP

    12288:04BS2ly9NKPRdegPsgQr/745jezvROTVo80d1WU1ntTxJ10gJ1TvzM:0hhKeiHQr/s1uRCBQWMxDpM

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 13 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\21a9a48607013f66a812fd59c31c7afe.exe
    "C:\Users\Admin\AppData\Local\Temp\21a9a48607013f66a812fd59c31c7afe.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2740
    • C:\Users\Admin\AppData\Local\Temp\21a9a48607013f66a812fd59c31c7afe.exe
      "C:\Users\Admin\AppData\Local\Temp\21a9a48607013f66a812fd59c31c7afe.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:3500
      • C:\Users\Admin\AppData\Local\Temp\21a9a48607013f66a812fd59c31c7afe.exe
        "C:\Users\Admin\AppData\Local\Temp\21a9a48607013f66a812fd59c31c7afe.exe"
        3⤵
        • Loads dropped DLL
        PID:3004

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nse45E4.tmp\LuaBridge.dll
    Filesize

    62KB

    MD5

    4e08fe995ab74ba4d145ddb77ea095fc

    SHA1

    e4bb337e40069c097e7abd566b7427b11fb124ee

    SHA256

    ace3c561f186dfbb5c992f85ea2ab4d3061894509af6960e9d819152afa46b17

    SHA512

    b056fbe0e79d90f8ce0908eb2b75f589e4415ed462868aaff6032f12dde394058cd221d317b92fc4809aa27d6cf2e801c4215db3cab1267ebd9dbc9af7b7041f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsp4671.tmp\87a5250e7389d052be3fdc257872ebd873ef2deb.dll
    Filesize

    80KB

    MD5

    4bf7db111acfa7c28ad36606107b3322

    SHA1

    6f20b9f6663ce0c309a2ce60e718d64ffb6c75b3

    SHA256

    bfe8445c38ee71240e856f85d79e94123d7179bf43688de0e2a14e32e6ef21b0

    SHA512

    0a5e66a65b80e15d8198f2934c58227ae17680f0fbea9865b2f44af82a29c53d4f95cf9616b4dfd75202420eb73b7d962cf2c84fdad6ce26afe1eb4bb978d0b6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsp4671.tmp\FloatingProgress.dll
    Filesize

    25KB

    MD5

    0f26c6d34d3841e93145dd00d0175651

    SHA1

    57b068569d0eb2336503beed87589629ab2a6f1f

    SHA256

    0cc5dc45b6a04ec236f4ecf0eeee212096b1561179d71c49dd5fc82aba706741

    SHA512

    72785e520d78a4ebd8779e5497806406c1b91b9c05ed82a392a6af689781e26c77f0032c66540b80e2e7e457128df2afd0647b0dbc970a11d0cd4ee3930d47a5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsp4671.tmp\LuaXml_lib.dll
    Filesize

    11KB

    MD5

    7292b642bd958aeb7fd7cfd19e45b068

    SHA1

    19a800620d041634abae5b5d096cb0e87ce4c188

    SHA256

    90f1bb98e034fcf7bfddb8cb0a85b27a9c9ddb01b926b4e139e1e8fc53d41d09

    SHA512

    bd758e0833454e0aa2af976ac94fde17c5401102c5991887cefbe8e337974381584c73e2d1e50e49263c55c3788e24dc7f8bd0b9d2a76a6cbe38e48dd9d6c44a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsp4671.tmp\System.dll
    Filesize

    10KB

    MD5

    7e3c808299aa2c405dffa864471ddb7f

    SHA1

    b5de7804dd35ed7afd0c3b59d866f1a0749495e0

    SHA256

    91c47a9a54a3a8c359e89a8b4e133e6b7296586748ed3e8f4fe566abd6c81ddd

    SHA512

    599f61d5270227a68e5c4b8db41b5aa7bc17a4bbe91dd7336b410516fa6107f4f5bf0bbb3f6cc4b2e15b16bf9495fdc70832bab6262046cb136ad18f0c9b3738

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsp4671.tmp\lua51.dll
    Filesize

    98KB

    MD5

    a1630e6d6757d2ea1685de0740aa51df

    SHA1

    7d5fae68c0cad3d519e9b5578b065a7a7b547123

    SHA256

    c9e8458c8e89d37f453bb412fa21095d7f5e2465b965c7fe11a71f3c08374cbf

    SHA512

    7a4d2f638605dab97fcf1fe0218c14e7eadfc20e222014729d840d9141c3b5d105a53d045bc98adafc9baeccd9c5c73dd4324a4b861658021f645e60418d6537

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsp4671.tmp\lua51.dll
    Filesize

    85KB

    MD5

    5822823b571fec9f08842e53b26a5c19

    SHA1

    01ae238f4753bbc5bbfb15c38913e4a095681bcd

    SHA256

    4baabbf94e0eb61a2fe5ca6e08aa1dc75059a3df211ff0c5523d7a589df59aa6

    SHA512

    9668b270115e378076b837971af31cfe3ac56cd1589d11dcab6521d586ddf2d3d5954c287a8c6aca92b459549f81e224375923b87e937370cf233b1cf11ea38a

    Download Submit

  • memory/3004-141-0x00000000032C0000-0x00000000032CE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3004-212-0x0000000003310000-0x000000000331C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3004-107-0x0000000002210000-0x0000000002226000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3004-33-0x0000000074E90000-0x0000000074EEE000-memory.dmp

    Filesize

    376KB

    Download

  • memory/3004-421-0x0000000074E90000-0x0000000074EEE000-memory.dmp

    Filesize

    376KB

    Download

  • memory/3004-420-0x0000000003310000-0x000000000331C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3004-419-0x0000000002200000-0x0000000002209000-memory.dmp

    Filesize

    36KB

    Download