f46aff2990cbd65550c7460fb315ab8e328ea997eabe7b826eac9c4279960c69

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01-01-2024 20:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

51d7b870df6697c1a26bca18947efa73.exe
Size

182KB
MD5

51d7b870df6697c1a26bca18947efa73
SHA1

76080ab248093ff8269804ce3e294f3fd3d1a2e1
SHA256

f46aff2990cbd65550c7460fb315ab8e328ea997eabe7b826eac9c4279960c69
SHA512

0f3e50613a1a082095b4fc43eeabb34585ff752e705c52f9d0678389f5eef3a2bae9c7d9f0bf80bce252b992983b14d1103b677c93ec5120637a0cab5deb3b3f
SSDEEP

3072:TER5Ah6S8S1m2YPrh4qR8vCZksB+Sddqol2lQBV+UdE+rECWp7hKIghM20n:TEXAEl6QPzksB+EYgBV+UdvrEFp7hKIH

Score

8^/10

persistence upx

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Loads dropped DLL 1 IoCs

pid	Process
1992	51d7b870df6697c1a26bca18947efa73.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1992-3-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/1992-6-0x0000000010000000-0x0000000010030000-memory.dmp	upx

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\symsrv.dll	51d7b870df6697c1a26bca18947efa73.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1992	51d7b870df6697c1a26bca18947efa73.exe

C:\Users\Admin\AppData\Local\Temp\51d7b870df6697c1a26bca18947efa73.exe
"C:\Users\Admin\AppData\Local\Temp\51d7b870df6697c1a26bca18947efa73.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:1992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1992-3-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1992-6-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1992-5-0x0000000000140000-0x000000000015B000-memory.dmp

Filesize
108KB

Download