8adc54528df6a36e14d8107ed34c5ec6fec27af60d5ac29b068f9e42bc8abd3b

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 13:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37eb268fcb20fe76b4738b599b676f07.exe
Size

2.8MB
MD5

37eb268fcb20fe76b4738b599b676f07
SHA1

206a78a727790e4da515280796ad0e2ec02d14a4
SHA256

8adc54528df6a36e14d8107ed34c5ec6fec27af60d5ac29b068f9e42bc8abd3b
SHA512

b43013eb4ab00a3b38d96d3fcbd41c59acde2c778fae5409093fabe6b2c9151d4fb0060d689dab4ed23bb1f99f1179b5cd0bf0dfa32236aebea7c1a1f03730d3
SSDEEP

49152:3XJR/q/KRlxLM5fVAnq6bpkWaD2uVlZyfeZa3ApLzUbN6eEQu/aEHZbtG9WBn2PB:HLoKRiVGqs7ImwPUbN6eEQuCE5M9WB2Z

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2344	37eb268fcb20fe76b4738b599b676f07.exe
2344	37eb268fcb20fe76b4738b599b676f07.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2344-0-0x0000000000400000-0x0000000000465000-memory.dmp	upx
behavioral1/memory/2344-48-0x0000000000400000-0x0000000000465000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2344	37eb268fcb20fe76b4738b599b676f07.exe

C:\Users\Admin\AppData\Local\Temp\37eb268fcb20fe76b4738b599b676f07.exe
"C:\Users\Admin\AppData\Local\Temp\37eb268fcb20fe76b4738b599b676f07.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Temp\1DQ0PBBJ\37eb268fcb20fe76b4738b599b676f07\splash.bmp

Filesize
195KB

MD5
07f12aa35a8f0af6a0c9f45cfca2b40b

SHA1
269e890678c3251b287f9414aec5793c97b2c156

SHA256
99747d10702bdd13b320e60a43fa2734b2defa20b01153a3a1f70b79be84ccaa

SHA512
d62bacc4763c63c4e7614f218c8ecc61745ed1ec8fdd8fc70d50bec45bed91cabb57a1cce0caef71feebd34bd43da7dd33b9b7aabf30f013f88838bf8091d026

Download Submit
\Temp\1DQ0PBBJ\37eb268fcb20fe76b4738b599b676f07\plugins\0\StdUI.dll

Filesize
143KB

MD5
3343b7196292145aa6a9af2d79017c41

SHA1
2ccb2d001b7439084df4ea196b9a02c1970013f4

SHA256
382286ee90682fc8a7aa4c03890e42098f752cbbe52b3f4ab081f9262794da6a

SHA512
33396319b4d42055e9dfaa2359ee067501d6a3ae567015deb9f96a20fcf94356a21a2e233c6bfd663b371e1a5ffe8148f11c86bd1d98c1362fa48a4311862225

Download Submit
\Temp\1DQ0PBBJ\unpack.dll

Filesize
34KB

MD5
780634f3f27147d1846745ae0160fb9f

SHA1
a675572a5a1b770e5081dbb8e82689160c2250c4

SHA256
2791bad82ceb45f2f45a6f32361d29cc5851ce591d1c9bbf60e5e1f735b46917

SHA512
4949d4f4f7eae7ac1ccc0b536da1c60e4a177bc6ef9dc94daf26c71eabb3fe842d2fd0e2722f4dd653990239833f2e8e3a7376969c1823de63b2807dac5a3447

Download Submit
memory/2344-0-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/2344-1-0x00000000002E0000-0x0000000000345000-memory.dmp

Filesize
404KB

Download
memory/2344-2-0x00000000002E0000-0x0000000000345000-memory.dmp

Filesize
404KB

Download
memory/2344-45-0x0000000002E30000-0x0000000002E58000-memory.dmp

Filesize
160KB

Download
memory/2344-49-0x0000000002E30000-0x0000000002E58000-memory.dmp

Filesize
160KB

Download
memory/2344-48-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/2344-52-0x00000000002E0000-0x0000000000345000-memory.dmp

Filesize
404KB

Download