Overview

overview

8

Static

static

3

7dde2cadb7...3c.exe

windows7-x64

8

7dde2cadb7...3c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    1s
  • max time network
    10s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-01-2024 15:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7dde2cadb794e170aadfa6453a767d3c.exe

  • Size

    940KB

  • MD5

    7dde2cadb794e170aadfa6453a767d3c

  • SHA1

    dc5e8c1cb38f132d8506690348cabb84c104e15b

  • SHA256

    94bfdd9963e0a7fe4ee4488edbeebbd5b0d69fc8f5325f4006f159d4e2067236

  • SHA512

    5c2a2c99b3a97301ff89a4376d244faa536aaba4428467ce2fbe103b4f4411e0bbf400590941f39c91012eceaec27f5f3d151572ee899445f8bd975b61ccfd1a

  • SSDEEP

    24576:ImRKvOCv3utr5OUR0cl6zvozvaHMwINz3eptIC7U:ImovOC/uXgclWoj7wiiptIoU

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies registry key 1 TTPs 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 36 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7dde2cadb794e170aadfa6453a767d3c.exe
    "C:\Users\Admin\AppData\Local\Temp\7dde2cadb794e170aadfa6453a767d3c.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:832
    • C:\Users\Admin\AppData\Local\Temp\7dde2cadb794e170aadfa6453a767d3c.exe
      C:\Users\Admin\AppData\Local\Temp\7dde2cadb794e170aadfa6453a767d3c.exe
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1632
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\svchost.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\svchost.exe:*:Enabled:Windows Messanger" /f
        3⤵
          PID:912
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
          3⤵
            PID:4664
          • C:\Windows\SysWOW64\cmd.exe
            cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Local\Temp\7dde2cadb794e170aadfa6453a767d3c.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\7dde2cadb794e170aadfa6453a767d3c.exe:*:Enabled:Windows Messanger" /f
            3⤵
              PID:4988
            • C:\Windows\SysWOW64\cmd.exe
              cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
              3⤵
                PID:4388
          • C:\Users\Admin\AppData\Local\Temp\K7W3326XSO.exe
            C:\Users\Admin\AppData\Local\Temp\K7W3326XSO.exe
            1⤵
            • Executes dropped EXE
            PID:1948
            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\adesao.exe
              "C:\Users\Admin\AppData\Local\Temp\RarSFX0\adesao.exe"
              2⤵
                PID:400
            • C:\Windows\SysWOW64\reg.exe
              REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
              1⤵
              • Modifies registry key
              PID:3768
            • C:\Windows\SysWOW64\reg.exe
              REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Local\Temp\7dde2cadb794e170aadfa6453a767d3c.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\7dde2cadb794e170aadfa6453a767d3c.exe:*:Enabled:Windows Messanger" /f
              1⤵
              • Modifies registry key
              PID:2160
            • C:\Windows\SysWOW64\reg.exe
              REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
              1⤵
              • Modifies registry key
              PID:1636
            • C:\Windows\SysWOW64\reg.exe
              REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\svchost.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\svchost.exe:*:Enabled:Windows Messanger" /f
              1⤵
              • Modifies registry key
              PID:1008

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/400-32-0x0000000000400000-0x00000000005A9000-memory.dmp

              Filesize

              1.7MB

              Download

            • memory/400-40-0x00000000024B0000-0x00000000024B1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/400-39-0x0000000000400000-0x00000000005A9000-memory.dmp

              Filesize

              1.7MB

              Download

            • memory/400-28-0x00000000024B0000-0x00000000024B1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1632-18-0x0000000075AF0000-0x0000000075BE0000-memory.dmp

              Filesize

              960KB

              Download

            • memory/1632-42-0x0000000000400000-0x0000000000473000-memory.dmp

              Filesize

              460KB

              Download

            • memory/1632-2-0x0000000000400000-0x0000000000473000-memory.dmp

              Filesize

              460KB

              Download

            • memory/1632-29-0x0000000000400000-0x0000000000473000-memory.dmp

              Filesize

              460KB

              Download

            • memory/1632-20-0x00000000776B6000-0x00000000776B7000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1632-33-0x0000000000400000-0x0000000000473000-memory.dmp

              Filesize

              460KB

              Download

            • memory/1632-35-0x0000000076D60000-0x0000000076DDA000-memory.dmp

              Filesize

              488KB

              Download

            • memory/1632-34-0x0000000075AF0000-0x0000000075BE0000-memory.dmp

              Filesize

              960KB

              Download

            • memory/1632-5-0x0000000000400000-0x0000000000473000-memory.dmp

              Filesize

              460KB

              Download

            • memory/1632-36-0x0000000000400000-0x0000000000473000-memory.dmp

              Filesize

              460KB

              Download

            • memory/1632-6-0x0000000000400000-0x0000000000473000-memory.dmp

              Filesize

              460KB

              Download

            • memory/1632-19-0x0000000076D60000-0x0000000076DDA000-memory.dmp

              Filesize

              488KB

              Download

            • memory/1632-46-0x0000000000400000-0x0000000000473000-memory.dmp

              Filesize

              460KB

              Download

            • memory/1632-50-0x0000000000400000-0x0000000000473000-memory.dmp

              Filesize

              460KB

              Download

            • memory/1632-55-0x0000000000400000-0x0000000000473000-memory.dmp

              Filesize

              460KB

              Download

            • memory/1632-59-0x0000000000400000-0x0000000000473000-memory.dmp

              Filesize

              460KB

              Download

            • memory/1632-63-0x0000000000400000-0x0000000000473000-memory.dmp

              Filesize

              460KB

              Download

            • memory/1632-68-0x0000000000400000-0x0000000000473000-memory.dmp

              Filesize

              460KB

              Download

            • memory/1632-72-0x0000000000400000-0x0000000000473000-memory.dmp

              Filesize

              460KB

              Download

            • memory/1632-76-0x0000000000400000-0x0000000000473000-memory.dmp

              Filesize

              460KB

              Download

            • memory/1632-80-0x0000000000400000-0x0000000000473000-memory.dmp

              Filesize

              460KB

              Download

            • memory/1632-85-0x0000000000400000-0x0000000000473000-memory.dmp

              Filesize

              460KB

              Download

            • memory/1632-89-0x0000000000400000-0x0000000000473000-memory.dmp

              Filesize

              460KB

              Download