Overview

overview

7

Static

static

7

27e1feab65...c3.exe

windows7-x64

7

27e1feab65...c3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 04:19

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    27e1feab653e695401b7d9772c6c89c3.exe

  • Size

    301KB

  • MD5

    27e1feab653e695401b7d9772c6c89c3

  • SHA1

    6f7c3a4aa603c8b6bf9e9992956887076a157aa2

  • SHA256

    08d8d361f186a721a28ccceb3f4e85f73c8b44ea8784aa610e95f38243980306

  • SHA512

    a97801254125320b21d8f923f912af7e0e485df85c99ff12c0a8149997485080da08b126995a97e30335d1177674939f5aa5fa2e23bb71a09be091b5fa95a9b2

  • SSDEEP

    3072:d7cWbToutZ8PwK3437sC+SOZPhZqwmClpVNlfWp2aH:dFPoSZAYsSmNlf9

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Gathers network information 2 TTPs 3 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\27e1feab653e695401b7d9772c6c89c3.exe
    "C:\Users\Admin\AppData\Local\Temp\27e1feab653e695401b7d9772c6c89c3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2900
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\E936.tmp\RapidShareTimePatch.cmd" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2648
      • C:\Windows\SysWOW64\ipconfig.exe
        ipconfig /flushdns
        3⤵
        • Gathers network information
        PID:1364
      • C:\Windows\SysWOW64\ipconfig.exe
        ipconfig /release
        3⤵
        • Gathers network information
        PID:2592
      • C:\Windows\SysWOW64\ipconfig.exe
        ipconfig /renew
        3⤵
        • Gathers network information
        PID:2184

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\E936.tmp\RapidShareTimePatch.cmd
          Filesize

          71B

          MD5

          59499cac81c0b6e92cea57220133cf66

          SHA1

          14844ebd8f774bc5c73fdf1813e938c2357077ab

          SHA256

          d4bd6f8ae408a272b6544de4f030200542b6226640d347beeb8647be289ec703

          SHA512

          cdec7eea76b5f374407760faa6a0c8f1b48cfb692da8f6c33a7f0fe324ad8d1c213a823e6e9cdaa2ea82fdabcbc8eb80ef08f4a3fc8a57fef4764d856628e0af

          Download Submit

        • memory/2900-0-0x0000000000400000-0x000000000049C000-memory.dmp

          Filesize

          624KB

          Download

        • memory/2900-16-0x0000000000400000-0x000000000049C000-memory.dmp

          Filesize

          624KB

          Download