Overview

overview

7

Static

static

3

2ca1618545...83.exe

windows7-x64

7

2ca1618545...83.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    131s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 07:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2ca1618545eb11ef6acb9b63b058ec83.exe

  • Size

    47KB

  • MD5

    2ca1618545eb11ef6acb9b63b058ec83

  • SHA1

    70c6dd788adc1891dd3e314f1737f455a96f4224

  • SHA256

    10cdd823e426c28b37517482c4ddb608faef7834ffd32e48354a4b8e9399e939

  • SHA512

    f0e16e90256c5f8eb6f8f56f143c9179deaa8b63089654f7819d8cad71f89d02dcfafd2cb4ac0d486d109a4bb1dfb2451c60c960a577c05d8cb40e49706056c9

  • SSDEEP

    768:dyLXJPmMEzQxH9fW6QVYl5hXf6MM/vTAO7n0LnF86jZw:dyLXs3IH9foSl5hXfjM/vTR7n0u6jZw

Score
7/10
persistenceupx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies WinLogon 2 TTPs 8 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ca1618545eb11ef6acb9b63b058ec83.exe
    "C:\Users\Admin\AppData\Local\Temp\2ca1618545eb11ef6acb9b63b058ec83.exe"
    1⤵
    • Modifies WinLogon
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2948
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
      • Deletes itself
      • Loads dropped DLL
      PID:3676

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\sysfldr.dll
    Filesize

    12KB

    MD5

    9781e334e4e2e4388f6f4e64d9a78edd

    SHA1

    fa5ab99f507af9f99907496e7471ac923b7300b8

    SHA256

    17c16775ddbdbb5345a9e8158dccbdeb9c2ef55f4f6b95df638cfec4c266a298

    SHA512

    690e098d231b87d99dac3755b7e4c37343c778fb4037ff1dd5668baaaee1dee74d5a6391e87114db29eaefe6b8f87c67e09c4cdbf67c39162ca5af1997cc1f3d

    Download Submit

  • memory/2948-0-0x0000000013120000-0x000000001315A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2948-3-0x0000000013120000-0x000000001315A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/3676-6-0x0000000010000000-0x000000001000E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3676-5-0x0000000013140000-0x000000001314C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3676-9-0x0000000010000000-0x000000001000E000-memory.dmp

    Filesize

    56KB

    Download