Overview

overview

10

Static

static

3

2d5b728153...17.exe

windows7-x64

10

2d5b728153...17.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    3s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 07:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d5b7281531e01f2e4b686c821908c17.exe

  • Size

    484KB

  • MD5

    2d5b7281531e01f2e4b686c821908c17

  • SHA1

    ab6a0c19e09ddb8e8eae4f30170c0ab7abc2e8bf

  • SHA256

    81549da4d4f5f26a7bd974b5269af840868d0659b52eb76fc4bd1ed681d90067

  • SHA512

    4422e9e5bce02f2fc63d1db2ff1cd6baddeb604fea9819118337aeb47e1fa1ba820384a8d4fc4422ba63da0da98afa4a162147b719e8327932f6dcdcc5e4d5f7

  • SSDEEP

    12288:GoUld/f2I9JECdYW4/e4Pii15XZSAmKjlafbdDNUQ:Q92ILECd0R15XZS3QafpDNUQ

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates processes with tasklist 1 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d5b7281531e01f2e4b686c821908c17.exe
    "C:\Users\Admin\AppData\Local\Temp\2d5b7281531e01f2e4b686c821908c17.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:404
    • C:\Users\Admin\LB9c4j3K.exe
      C:\Users\Admin\LB9c4j3K.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2316
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c tasklist&&del LB9c4j3K.exe
        3⤵
          PID:4564
        • C:\Users\Admin\xoixuec.exe
          "C:\Users\Admin\xoixuec.exe"
          3⤵
            PID:4952
        • C:\Users\Admin\bshost.exe
          C:\Users\Admin\bshost.exe
          2⤵
            PID:2896
            • C:\Windows\SysWOW64\cmd.exe
              "C:\Windows\system32\cmd.exe"
              3⤵
                PID:2532
            • C:\Users\Admin\aahost.exe
              C:\Users\Admin\aahost.exe
              2⤵
                PID:4468
              • C:\Users\Admin\dyhost.exe
                C:\Users\Admin\dyhost.exe
                2⤵
                  PID:2196
                • C:\Users\Admin\ekhost.exe
                  C:\Users\Admin\ekhost.exe
                  2⤵
                    PID:2160
                    • C:\Windows\SysWOW64\cmd.exe
                      "C:\Windows\System32\cmd.exe" /c tasklist&&del ekhost.exe
                      3⤵
                        PID:2124
                    • C:\Windows\SysWOW64\cmd.exe
                      "C:\Windows\System32\cmd.exe" /c tasklist&&del 2d5b7281531e01f2e4b686c821908c17.exe
                      2⤵
                        PID:32
                    • C:\Windows\SysWOW64\tasklist.exe
                      tasklist
                      1⤵
                      • Enumerates processes with tasklist
                      PID:4968
                    • C:\Users\Admin\aahost.exe
                      "C:\Users\Admin\aahost.exe"
                      1⤵
                        PID:1832
                      • C:\Windows\SysWOW64\tasklist.exe
                        tasklist
                        1⤵
                        • Enumerates processes with tasklist
                        PID:4860
                      • C:\Windows\SysWOW64\tasklist.exe
                        tasklist
                        1⤵
                        • Enumerates processes with tasklist
                        PID:1172

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\LB9c4j3K.exe
                        Filesize

                        92KB

                        MD5

                        fa948ab70a2db68adcbdef897963086f

                        SHA1

                        dcf362a0dd52585ddae925f079a4152e04912c0e

                        SHA256

                        6407386d0c4f079d1d6063d9f43041232d80bf4a6689681479d2fd31c384797a

                        SHA512

                        dded6c2fb2ddbef9c0a13cb8c0550a3a0ae986bc69a1f9ac33046fc8cdabc0e8aa9e2f0ce41715d32fe07dd0a68ff8dc470417e9fdcc2ef2f4665bf4857511be

                        Download Submit

                      • memory/1832-53-0x0000000000400000-0x000000000040E000-memory.dmp

                        Filesize

                        56KB

                        Download

                      • memory/1832-52-0x0000000000400000-0x000000000040E000-memory.dmp

                        Filesize

                        56KB

                        Download

                      • memory/1832-50-0x0000000000400000-0x000000000040E000-memory.dmp

                        Filesize

                        56KB

                        Download

                      • memory/1832-47-0x0000000000400000-0x000000000040E000-memory.dmp

                        Filesize

                        56KB

                        Download

                      • memory/2896-61-0x0000000002400000-0x0000000002444000-memory.dmp

                        Filesize

                        272KB

                        Download

                      • memory/2896-63-0x0000000000400000-0x0000000000444000-memory.dmp

                        Filesize

                        272KB

                        Download

                      • memory/2896-62-0x00000000005A0000-0x00000000005A1000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/2896-60-0x0000000000400000-0x0000000000444000-memory.dmp

                        Filesize

                        272KB

                        Download

                      • memory/2896-58-0x0000000000400000-0x0000000000444000-memory.dmp

                        Filesize

                        272KB

                        Download

                      • memory/2896-57-0x0000000000400000-0x0000000000444000-memory.dmp

                        Filesize

                        272KB

                        Download

                      • memory/2896-59-0x0000000000580000-0x0000000000581000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/2896-66-0x0000000000400000-0x0000000000444000-memory.dmp

                        Filesize

                        272KB

                        Download