Overview

overview

7

Static

static

3

27b01b8e67...79.exe

windows7-x64

7

27b01b8e67...79.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    159s
  • max time network
    174s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 04:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    27b01b8e67c71d6aea553e0ae1efea79.exe

  • Size

    3.2MB

  • MD5

    27b01b8e67c71d6aea553e0ae1efea79

  • SHA1

    ab341ed234952d3c3788ed51db415631fa47835b

  • SHA256

    3e6abc977fda31b0005ba75aa56d6e0c5547394fd8036633e87dea5afc5fb0a7

  • SHA512

    01063897201474c546de6a3c3847902dfca015f38fb08450642da6a2c4e6698746ddd3b83b8e137f85416c14438edff0f17d793b56c6a7ede0dc6734a9983754

  • SSDEEP

    98304:OH1j42u1wn+LdH5eBgoMXj/7BNxmvkmpoU:RHMBy7AkmX

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 24 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\27b01b8e67c71d6aea553e0ae1efea79.exe
    "C:\Users\Admin\AppData\Local\Temp\27b01b8e67c71d6aea553e0ae1efea79.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2612
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.danawg.com/
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2452
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffa224f46f8,0x7ffa224f4708,0x7ffa224f4718
        3⤵
          PID:4132
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,10710335444670343472,11253253777111989648,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
          3⤵
            PID:852
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,10710335444670343472,11253253777111989648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:2312
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,10710335444670343472,11253253777111989648,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
            3⤵
              PID:1740
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10710335444670343472,11253253777111989648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
              3⤵
                PID:1972
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10710335444670343472,11253253777111989648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
                3⤵
                  PID:3200
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10710335444670343472,11253253777111989648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
                  3⤵
                    PID:1676
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10710335444670343472,11253253777111989648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
                    3⤵
                      PID:1636
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10710335444670343472,11253253777111989648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
                      3⤵
                        PID:3628
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,10710335444670343472,11253253777111989648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8
                        3⤵
                          PID:4288
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,10710335444670343472,11253253777111989648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8
                          3⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1032
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10710335444670343472,11253253777111989648,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
                          3⤵
                            PID:3488
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10710335444670343472,11253253777111989648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
                            3⤵
                              PID:3632
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10710335444670343472,11253253777111989648,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
                              3⤵
                                PID:2224
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10710335444670343472,11253253777111989648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2764 /prefetch:1
                                3⤵
                                  PID:4548
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:1716
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:5080

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  efc9c7501d0a6db520763baad1e05ce8

                                  SHA1

                                  60b5e190124b54ff7234bb2e36071d9c8db8545f

                                  SHA256

                                  7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

                                  SHA512

                                  bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  111B

                                  MD5

                                  285252a2f6327d41eab203dc2f402c67

                                  SHA1

                                  acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                  SHA256

                                  5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                  SHA512

                                  11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  5KB

                                  MD5

                                  6732eda1454725b3ca36dc27ce748842

                                  SHA1

                                  c4a7b42b8d41ab2ebdd465b942e97a2ef2eb63f0

                                  SHA256

                                  c4b33909aa57b82f7d108a4edea2247396c5d1fbbed7db5494666b489ab9af28

                                  SHA512

                                  066001dca68c3b78776e0483b670bf26f7d4ed40ecb750d430f0d5abdef74ab03262a9061f8bf0e29ee0e150e55125fecb332ccbb4f6ec2f0687e2b71e47bbfa

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  5KB

                                  MD5

                                  8b94caf73e423645d43d551e341a77d1

                                  SHA1

                                  022d552d1b9fbb3cb38f8fe9325d24ae11bccaea

                                  SHA256

                                  745a2ac5f0b40ccb2fc71d966e7672a348c0e8e3ba2bcdcb33866fe00e915287

                                  SHA512

                                  79e126ae947e241a532a070780f894f0f85c3a0fea5966460a91460c588c5904de50bda864407c71e7ee387c2b8fcc77cac14ff5127f7cab3059501b4b259dd4

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  5KB

                                  MD5

                                  9f1f79653399f946b7312d004882bf47

                                  SHA1

                                  914a92929f07915857970f26986b3adca584bfd5

                                  SHA256

                                  33a545271d9b0ea1ec2e9a8b0a8af2ba24bb1cc9453148660a8406efd37bc641

                                  SHA512

                                  d2c1f657622819b86c9895626db61085557ade19611093f9f7acf86b502c8100d969616fd371fae5e40895e7dffccb05ce3623101b052c8fdb2c768928e6cb23

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                  Filesize

                                  24KB

                                  MD5

                                  121510c1483c9de9fdb590c20526ec0a

                                  SHA1

                                  96443a812fe4d3c522cfdbc9c95155e11939f4e2

                                  SHA256

                                  cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

                                  SHA512

                                  b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  6752a1d65b201c13b62ea44016eb221f

                                  SHA1

                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                  SHA256

                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                  SHA512

                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  10KB

                                  MD5

                                  09c922e9c9e838922a9e80c8b69ed9e4

                                  SHA1

                                  cad5eda78e6a4a6eefd312def03e9b669c8d2392

                                  SHA256

                                  b6fc68dfc5f3ce9693545b8b5835e09f9f51cd85f5a913de24f81b2bb08722fb

                                  SHA512

                                  fcb7e4f06b95e3cdb9bfa17c434aadc8a4a81f1faae943dd60de4bcb3897e6349cab3036354bf4cda750e3d6f542447c795bf8e6866864a5fe4659ad3844fce9

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  10KB

                                  MD5

                                  96cdb3f5052f3f7f797e200f5dd6734a

                                  SHA1

                                  3e8fdb135fcc05eed778069d4db026326825a3b3

                                  SHA256

                                  308f5a8196d5143cc70ea555a57f175d92bcce2a43f930b4c485dd246b86eefa

                                  SHA512

                                  0bce22cfd2945fdb58d4ab29d6b8d6372beef0401827f28368dc2ebbd41bbc752c6acb9e0aab50c2e4e8fd581350ed5b9f21fd81db23be0caf64c6437242a8ea

                                  Download Submit

                                • C:\Users\Admin\Favorites\Íâ¹Ò×÷·»¹Ù·½Õ¾ [www.zuowg.com].url
                                  Filesize

                                  110B

                                  MD5

                                  f9fc3e4f710ea6068eccca29ed784970

                                  SHA1

                                  eb6f961e7102e3aef227b204ff4dd9563f745812

                                  SHA256

                                  1c12badabe490d7c3d63bb0187965344ce0ed923eab707e446900a9b98913fcb

                                  SHA512

                                  b2d0db7a2c4b4d4e53a8daf2caff6a0ea826133038380e5dcf8c6493417f2884ecd61f047798189a3cff13cca3b9dbe99e5a501ce5de10488b2a337389b019ed

                                  Download Submit

                                • C:\Users\Admin\Favorites\Íâ¹Ò×÷·»×ÊÔ´Õ¾ [42724920.ys168.com].url
                                  Filesize

                                  115B

                                  MD5

                                  514d1b59ae8925c5edea3c446ce588dd

                                  SHA1

                                  60dd675b65c7ffaac6ca731dba265a6f316a6f75

                                  SHA256

                                  6bbfe9e113e075b646ae49400657b8bb20cbab06854b38bf007ac6e15cd7b773

                                  SHA512

                                  5bf3d0f1715b445852ad184907d2161967d51cb8fe9673330438d8705502bc63e263222c43839140c613a427b0b58b297e522b3953c2543453625e01b8017253

                                  Download Submit

                                • memory/2612-29-0x0000000004DF0000-0x0000000004E2D000-memory.dmp

                                  Filesize

                                  244KB

                                  Download

                                • memory/2612-61-0x0000000004DF0000-0x0000000004E2D000-memory.dmp

                                  Filesize

                                  244KB

                                  Download

                                • memory/2612-40-0x0000000004DF0000-0x0000000004E2D000-memory.dmp

                                  Filesize

                                  244KB

                                  Download

                                • memory/2612-42-0x0000000004DF0000-0x0000000004E2D000-memory.dmp

                                  Filesize

                                  244KB

                                  Download

                                • memory/2612-44-0x0000000004DF0000-0x0000000004E2D000-memory.dmp

                                  Filesize

                                  244KB

                                  Download

                                • memory/2612-47-0x0000000004DF0000-0x0000000004E2D000-memory.dmp

                                  Filesize

                                  244KB

                                  Download

                                • memory/2612-49-0x0000000004DF0000-0x0000000004E2D000-memory.dmp

                                  Filesize

                                  244KB

                                  Download

                                • memory/2612-51-0x0000000004DF0000-0x0000000004E2D000-memory.dmp

                                  Filesize

                                  244KB

                                  Download

                                • memory/2612-54-0x0000000004DF0000-0x0000000004E2D000-memory.dmp

                                  Filesize

                                  244KB

                                  Download

                                • memory/2612-57-0x0000000004DF0000-0x0000000004E2D000-memory.dmp

                                  Filesize

                                  244KB

                                  Download

                                • memory/2612-59-0x0000000004DF0000-0x0000000004E2D000-memory.dmp

                                  Filesize

                                  244KB

                                  Download

                                • memory/2612-38-0x0000000004DF0000-0x0000000004E2D000-memory.dmp

                                  Filesize

                                  244KB

                                  Download

                                • memory/2612-63-0x0000000004DF0000-0x0000000004E2D000-memory.dmp

                                  Filesize

                                  244KB

                                  Download

                                • memory/2612-64-0x0000000004DF0000-0x0000000004E2D000-memory.dmp

                                  Filesize

                                  244KB

                                  Download

                                • memory/2612-35-0x0000000004DF0000-0x0000000004E2D000-memory.dmp

                                  Filesize

                                  244KB

                                  Download

                                • memory/2612-33-0x0000000004DF0000-0x0000000004E2D000-memory.dmp

                                  Filesize

                                  244KB

                                  Download

                                • memory/2612-31-0x0000000004DF0000-0x0000000004E2D000-memory.dmp

                                  Filesize

                                  244KB

                                  Download

                                • memory/2612-27-0x0000000004DF0000-0x0000000004E2D000-memory.dmp

                                  Filesize

                                  244KB

                                  Download

                                • memory/2612-25-0x0000000004DF0000-0x0000000004E2D000-memory.dmp

                                  Filesize

                                  244KB

                                  Download

                                • memory/2612-23-0x0000000004DF0000-0x0000000004E2D000-memory.dmp

                                  Filesize

                                  244KB

                                  Download

                                • memory/2612-21-0x0000000004DF0000-0x0000000004E2D000-memory.dmp

                                  Filesize

                                  244KB

                                  Download

                                • memory/2612-19-0x0000000004DF0000-0x0000000004E2D000-memory.dmp

                                  Filesize

                                  244KB

                                  Download

                                • memory/2612-18-0x0000000004DF0000-0x0000000004E2D000-memory.dmp

                                  Filesize

                                  244KB

                                  Download

                                • memory/2612-16-0x0000000004DF0000-0x0000000004E2D000-memory.dmp

                                  Filesize

                                  244KB

                                  Download