Overview

overview

7

Static

static

7

8d81ba3472...18.exe

windows7-x64

7

8d81ba3472...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    155s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2023 12:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8d81ba3472c6282f8d17c703b59c940e2c756c5c49bf170253ca4cbd70605118.exe

  • Size

    536KB

  • MD5

    c4554472b3b0c2c0e69cebda5980abfc

  • SHA1

    c0d1f0be3a330c7976808f38075dacd38abb9ca3

  • SHA256

    8d81ba3472c6282f8d17c703b59c940e2c756c5c49bf170253ca4cbd70605118

  • SHA512

    e91b099e029ceeecfc6a04ffbba292c57ade8e0f86a146992fe74d4870a49f40fac04b4bba5fa82ddc72e567afb6bef3612a594abe03ef0daf40dbb0dc30180b

  • SSDEEP

    12288:ehf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:edQyDL9xp/BGA1RkmOkx2LF

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unexpected DNS network traffic destination 4 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3556
    • C:\Users\Admin\AppData\Local\Temp\8d81ba3472c6282f8d17c703b59c940e2c756c5c49bf170253ca4cbd70605118.exe
      "C:\Users\Admin\AppData\Local\Temp\8d81ba3472c6282f8d17c703b59c940e2c756c5c49bf170253ca4cbd70605118.exe"
      2⤵
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046
    Filesize

    1KB

    MD5

    644b9543129b090d96762a5b22d3a375

    SHA1

    66553457cfc949885966916288632d5ff123fe66

    SHA256

    ba7ac18f23565ab7a401f10ad34a62d89b19421c4b309cb918ac224c768fb07b

    SHA512

    a58db26ca794968cc972bbfc026b0a7dbb6d425ec99dcaf9fede9d432d333030236030bd71374a712a09360f60e6b8f16bad3f145e0381b34657dcbf5a6128e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\81B9B36F9ABC4DA631A4713EE66FAEC6_D440AC65793A7BBE167BE882B99F465E
    Filesize

    937B

    MD5

    53986d15ba8841a152fade41689cf05e

    SHA1

    987d8fa69bb532198d92e96e4f78148dd73c578f

    SHA256

    330df33a92562e50a7b48baa1ed3701d85944217259b8cd0bebbe3c619f53cd2

    SHA512

    557bc6c1da1a68c7d6afbf350d38c5b12b384ced3fbe29b0fb27f2b2e378865d7fc99bdfe0c2be2d1d36d70312c9965ee41c844898e0891ed7c972e154ee109f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046
    Filesize

    502B

    MD5

    3929cfe55eaf4099a02d122f82814d86

    SHA1

    b1a6d7cc0c8a9bcf4a290d57ef11a830389d63a6

    SHA256

    2a7495533a866ebde03da2b7ab74865f580c316a879ac8e180fa8f763c378aff

    SHA512

    b0f1fb1bd7b54d47ecdb1c5ac698c7e7afae291bbc0c9e76a727084aec1b3ac75ac2fbbf9ed2685b33c3f12a4a70c6f520d1bb919bc942a7dd996114c4a9ce5d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\81B9B36F9ABC4DA631A4713EE66FAEC6_D440AC65793A7BBE167BE882B99F465E
    Filesize

    520B

    MD5

    b799b39ce32fa29f263b16f847cb0d3f

    SHA1

    d4af7b60715161a903a92119d41c280193b7d09c

    SHA256

    9dbcc3493f028e64452a5848821a5de5f444e77e51d953c2ada07f987f8f6e37

    SHA512

    dcdc46c67e17c218b3609015833709adc86c1835c30f58388b6d1eb8b2d93fc4e4f388167ec7ed739444aed4be51dd8af3d32e400426db0b8b113d9d8d2a9f14

    Download Submit

  • memory/3556-6-0x0000000000D30000-0x0000000000D33000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3556-5-0x0000000002D50000-0x0000000002DC9000-memory.dmp

    Filesize

    484KB

    Download

  • memory/3556-3-0x0000000000D30000-0x0000000000D33000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3556-16-0x0000000002D50000-0x0000000002DC9000-memory.dmp

    Filesize

    484KB

    Download

  • memory/3556-4-0x0000000000D30000-0x0000000000D33000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3556-7-0x0000000002D50000-0x0000000002DC9000-memory.dmp

    Filesize

    484KB

    Download

  • memory/4996-0-0x0000000000020000-0x0000000000122000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4996-14-0x0000000000020000-0x0000000000122000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4996-25-0x0000000000020000-0x0000000000122000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4996-26-0x0000000000020000-0x0000000000122000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4996-27-0x0000000000020000-0x0000000000122000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4996-33-0x0000000000020000-0x0000000000122000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4996-43-0x0000000000020000-0x0000000000122000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4996-68-0x0000000000020000-0x0000000000122000-memory.dmp

    Filesize

    1.0MB

    Download