Overview

overview

8

Static

static

3

2d03e79ee0...d6.exe

windows7-x64

8

2d03e79ee0...d6.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    146s
  • max time network
    158s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 07:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d03e79ee04d0fee3fef6a79fc5237d6.exe

  • Size

    125KB

  • MD5

    2d03e79ee04d0fee3fef6a79fc5237d6

  • SHA1

    3df21f1510f270140572c3cf5949c2fbd6b6623f

  • SHA256

    0116cfe9d1c0d4f80ffc7374f0965b9139238c32fd2841d1525cc65e7e4b56e8

  • SHA512

    bf7540aeeb42fb3d1892a2c754bf355c30bf46e6ff52235bb08e334b9ef94d57540fb28fbe416607bca4c10c1c18a33c658a3b869cbc04fbdf96909aff9bd795

  • SSDEEP

    3072:Qp4hhZhRuHh0RoTw7s8A4y2TtRrx337r70Qa7fcxsj:Qp4wCRgw5jy2TtRrx33Y7UW

Score
8/10
evasionpersistence

Malware Config

Signatures

  • Modifies Windows Firewall 1 TTPs 1 IoCs
    evasion
  • Drops startup file 4 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Suspicious use of SetThreadContext 2 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d03e79ee04d0fee3fef6a79fc5237d6.exe
    "C:\Users\Admin\AppData\Local\Temp\2d03e79ee04d0fee3fef6a79fc5237d6.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2440
    • C:\Users\Admin\AppData\Local\Temp\2d03e79ee04d0fee3fef6a79fc5237d6.exe
      C:\Users\Admin\AppData\Local\Temp\2d03e79ee04d0fee3fef6a79fc5237d6.exe
      2⤵
      • Drops startup file
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:2876
      • C:\Windows\SysWOW64\netsh.exe
        netsh firewall add allowedprogram 1.exe 1 ENABLE
        3⤵
        • Modifies Windows Firewall
        PID:2544
      • C:\Users\Admin\AppData\Local\uxryda.exe
        "C:\Users\Admin\AppData\Local\uxryda.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:2848
        • C:\Users\Admin\AppData\Local\uxryda.exe
          C:\Users\Admin\AppData\Local\uxryda.exe
          4⤵
          • Drops startup file
          • Executes dropped EXE
          • Adds Run key to start application
          PID:2364

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\uxryda.exe
    Filesize

    125KB

    MD5

    2d03e79ee04d0fee3fef6a79fc5237d6

    SHA1

    3df21f1510f270140572c3cf5949c2fbd6b6623f

    SHA256

    0116cfe9d1c0d4f80ffc7374f0965b9139238c32fd2841d1525cc65e7e4b56e8

    SHA512

    bf7540aeeb42fb3d1892a2c754bf355c30bf46e6ff52235bb08e334b9ef94d57540fb28fbe416607bca4c10c1c18a33c658a3b869cbc04fbdf96909aff9bd795

    Download Submit

  • memory/2364-82-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2364-80-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2364-75-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2364-86-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2364-85-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2364-84-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2364-83-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2364-74-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2364-76-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2364-77-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2364-81-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2364-79-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2364-78-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2440-11-0x0000000000490000-0x0000000000590000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2440-13-0x0000000000490000-0x0000000000590000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2440-8-0x0000000000490000-0x0000000000590000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2440-15-0x0000000000490000-0x0000000000590000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2848-55-0x00000000005C0000-0x00000000006C0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2848-59-0x00000000005C0000-0x00000000006C0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2848-57-0x00000000005C0000-0x00000000006C0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2848-53-0x00000000005C0000-0x00000000006C0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2848-49-0x00000000005C0000-0x00000000006C0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2848-51-0x00000000005C0000-0x00000000006C0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2876-38-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2876-26-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2876-28-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2876-29-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2876-21-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2876-17-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2876-19-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2876-14-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download