Overview

overview

7

Static

static

7

2ca5fe9aa0...ad.exe

windows7-x64

7

2ca5fe9aa0...ad.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 07:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2ca5fe9aa030e7487619f3d5c15b70ad.exe

  • Size

    28KB

  • MD5

    2ca5fe9aa030e7487619f3d5c15b70ad

  • SHA1

    3c7849013a40537140aeb964cc3a85bbe807b2b0

  • SHA256

    8845916a98575b683ef72f70305a550b367c70416f91866298f34027f958c965

  • SHA512

    47cacdcd63846890928541ea279895829091082371929b88cc282ad5783749214ffdc8cdcdda0a0fb4a3f62a8f26cb76cc56d0ba86d1ff76e50f9679457a5e2e

  • SSDEEP

    768:ZYNwKY/6Asd/t3CfmE55WmRWTZnttRBwroze:ZYNY/Ad/t3VEDbRWTZnTHRe

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ca5fe9aa030e7487619f3d5c15b70ad.exe
    "C:\Users\Admin\AppData\Local\Temp\2ca5fe9aa030e7487619f3d5c15b70ad.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4832
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2CA5FE~1.EXE > nul
      2⤵
        PID:4072
    • C:\Windows\SysWOW64\svcmrgb.exe
      C:\Windows\SysWOW64\svcmrgb.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of SetWindowsHookEx
      PID:1764

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\SysWOW64\svcmrgb.exe
            Filesize

            28KB

            MD5

            2ca5fe9aa030e7487619f3d5c15b70ad

            SHA1

            3c7849013a40537140aeb964cc3a85bbe807b2b0

            SHA256

            8845916a98575b683ef72f70305a550b367c70416f91866298f34027f958c965

            SHA512

            47cacdcd63846890928541ea279895829091082371929b88cc282ad5783749214ffdc8cdcdda0a0fb4a3f62a8f26cb76cc56d0ba86d1ff76e50f9679457a5e2e

            Download Submit

          • memory/1764-6-0x0000000000400000-0x0000000000417000-memory.dmp

            Filesize

            92KB

            Download

          • memory/4832-0-0x0000000000400000-0x0000000000417000-memory.dmp

            Filesize

            92KB

            Download

          • memory/4832-1-0x0000000000400000-0x0000000000417000-memory.dmp

            Filesize

            92KB

            Download

          • memory/4832-5-0x0000000000400000-0x0000000000417000-memory.dmp

            Filesize

            92KB

            Download