Overview

overview

7

Static

static

3

22c0872235...85.exe

windows7-x64

7

22c0872235...85.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    60s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 01:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    22c08722352c2c7de72eabf1bdef2a85.exe

  • Size

    40KB

  • MD5

    22c08722352c2c7de72eabf1bdef2a85

  • SHA1

    a48d31c7699ef6eafecb3a0830699c88f7298a75

  • SHA256

    7cb890b6760595adc18b106fc40d6254965803991e9533b83fd83dcc6c5da3e5

  • SHA512

    4afd39b8b9a2524c046b672e1f31fe51a06fcb2af22826be9841393a2d0688edbcad4117d11b6ababebb2d9dfc0b71f863999cb5410ec4a90c7ee1933da89129

  • SSDEEP

    768:aq9m/ZsybSg2ts4L3RLc/qjhsKmHbk1+qJ0UtHx2:aqk/Zdic/qjh8w19JDHU

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 16 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\22c08722352c2c7de72eabf1bdef2a85.exe
    "C:\Users\Admin\AppData\Local\Temp\22c08722352c2c7de72eabf1bdef2a85.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:348
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:1404

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7V1N9ZS9\2ZMUN766.htm
    Filesize

    92KB

    MD5

    7c1baa4eb53ca4908270f3a4d8213ce1

    SHA1

    d8bc0cae69f75aa6ee83877f959db010e1554947

    SHA256

    1394723e87a787e250c9c99023fac7fdd170d04af1d0de3479df970d2b0d916d

    SHA512

    1dc870663671643a6a6332a947b5a8bbe64e8b5b4b1f22cb468c8c65c242c1d78ea28db310d44fc76e10cee58cd41baecb6755f507a5bedc227fd9573860fcd2

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8D1Z5HG5\default[2].htm
    Filesize

    304B

    MD5

    267ddfdbb8d492b25de208d84b290f1c

    SHA1

    9f57d9f19f25549e1232489a0c101a92e851de2f

    SHA256

    ef1f87447ae1ab45548d2934cf0dbd15a32b86359ff9fccfa48d76c1badf6586

    SHA512

    0709aa62d39d419d335183235dcf328e1dfe6997bd9bfbdeb01bb050df8dcab63ec2d4f46e4718ab389fa8e12af66dec2e3019c8871ac6e40927a25cb706c6b3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UCK1SA0Q\default[2].htm
    Filesize

    313B

    MD5

    ffb72ab4faba49ad441ce07db37dd8b6

    SHA1

    194e13c1c32ebb6e7a1dc912261cbd58a82ff71e

    SHA256

    7bd7c3676e98ddde8e0d5b63dd22cb9379d975bcd1d68884c97565cdd8d03660

    SHA512

    517be20d2442489ce39b48dc7f9f6f13f8c45d02703fb1865071f553d36b2289f5abc26c6089fc0bfad1a41fe318bf4b5a806915c5e45898ac744b7e4ed30257

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UCK1SA0Q\default[5].htm
    Filesize

    304B

    MD5

    cde2c6ec81201bdd39579745c69d502f

    SHA1

    e025748a7d4361b2803140ed0f0abda1797f5388

    SHA256

    a81000fc443c3c99e0e653cca135e16747e63bccebd5052ed64d7ae6f63f227f

    SHA512

    de5ca6169b2bb42a452ebd2f92c23bad3a98c01845a875336d6affe7f0192c2782b1f66f149019c0b880410c836fc45b2e9157dcccc7ad0d9e5953521a2151d4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    1KB

    MD5

    d052ce3ef7e393f6d342b9e9c41f9608

    SHA1

    05ca98a2ee4ec7ff89a6c9b0b229f556fc358368

    SHA256

    a153bf15493930a3973f50e791b5b0d636098d9977e888eb5a15f96ed42a6061

    SHA512

    d7c452bb0b4f1afbcb738517436166c739eca2b8cbabd480dbd959222388532241bffe41e804cd98e08451cfc7831f39d4e716594fa71adb885afcc04ca9e56a

    Download Submit

  • C:\Windows\services.exe
    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

    Download Submit

  • memory/348-0-0x0000000000500000-0x000000000050D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/1404-163-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1404-260-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1404-26-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1404-200-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1404-217-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1404-218-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1404-22-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1404-93-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1404-21-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1404-283-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1404-327-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1404-17-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1404-13-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1404-376-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1404-5-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download