Overview

overview

7

Static

static

3

21fd93d3cd...cc.exe

windows7-x64

7

21fd93d3cd...cc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2023 00:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    21fd93d3cdbeb9ed94ce1d1cd48063cc.exe

  • Size

    40KB

  • MD5

    21fd93d3cdbeb9ed94ce1d1cd48063cc

  • SHA1

    e377ba41cec9b79366ed22bd226bd88f1c88376f

  • SHA256

    87b90eb874af9a986921362d59cd08536baee8d4935b5b858127cd8683b8998d

  • SHA512

    356f124023d23124c1ad5fc9875e8e786f79a9e5d2ffa374d38ceea4d1b0485cfca25b9e5ed9674084aad8f25e944eef21e0a4bae970e66d9aae37661dc3dcc0

  • SSDEEP

    768:YHyfK1MokyJwxoX0J026MFpzf98LbHJT70:uZMokOt26gzfKLrJn

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\21fd93d3cdbeb9ed94ce1d1cd48063cc.exe
    "C:\Users\Admin\AppData\Local\Temp\21fd93d3cdbeb9ed94ce1d1cd48063cc.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2980
    • C:\Windows\SysWOW64\netmodulr.exe
      C:\Windows\system32\netmodulr.exe -inst
      2⤵
      • Executes dropped EXE
      PID:3956
  • C:\Windows\SysWOW64\netmodulr.exe
    C:\Windows\SysWOW64\netmodulr.exe
    1⤵
    • Executes dropped EXE
    • Modifies data under HKEY_USERS
    PID:2148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\netmodulr.exe
    Filesize

    19KB

    MD5

    1071cf44d3e9cb1f8db0981257233c74

    SHA1

    473ebc7859875268db5d01ff37e25bac500f2cd8

    SHA256

    9a06615bfe4e5b7af84ab77f9993ec32da33e88233f764480edabce06cc9a254

    SHA512

    1aa9d6aec103a6185e80ae85ef948fb98aca13848297f3a13c0974faf7deea0e75b4b0d9655032e349ff717e85da31303fb3e4f4f38cff9f91d37eddd455918e

    Download Submit

  • memory/2148-6-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2148-8-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2148-15-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3956-4-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3956-7-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download