c735db3dd86505c028d3a81fe53bac34575f1004c446a9af67f020548e676f22

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22a2d0fc9b5665c4354da38f5a4451ff.exe
Size

15KB
MD5

22a2d0fc9b5665c4354da38f5a4451ff
SHA1

e166a4a54978f050bda22de07ebbdd4798205330
SHA256

c735db3dd86505c028d3a81fe53bac34575f1004c446a9af67f020548e676f22
SHA512

46b4bb86ec6288147d824ed077954c2faccba520051937f1169e9b8f1606919433c1575a4e77faa31baa76ed051a99e7146e2f33344ce5acf1d007f0aea1e4df
SSDEEP

384:Yb8bM0q6Hag18wnYP3XGec0VdIvuwjuWHHU85Rfg3XkH:YwbDq6HagGnU0VanVx5O3UH

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2264-1-0x0000000000400000-0x000000000040C677-memory.dmp	upx
behavioral1/memory/2264-0-0x0000000000400000-0x000000000040C677-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\22a2d0fc9b5665c4354da38f5a4451ff.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\22a2d0fc9b5665c4354da38f5a4451ff.exe"	22a2d0fc9b5665c4354da38f5a4451ff.exe

C:\Users\Admin\AppData\Local\Temp\22a2d0fc9b5665c4354da38f5a4451ff.exe
"C:\Users\Admin\AppData\Local\Temp\22a2d0fc9b5665c4354da38f5a4451ff.exe"
1⤵
- Adds Run key to start application
PID:2264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2264-1-0x0000000000400000-0x000000000040C677-memory.dmp

Filesize
49KB

Download
memory/2264-0-0x0000000000400000-0x000000000040C677-memory.dmp

Filesize
49KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads