Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-01-2024 19:03

General

  • Target

    41ab5171ab01c33b6ab3c99c0bbc238b.exe

  • Size

    13.6MB

  • MD5

    41ab5171ab01c33b6ab3c99c0bbc238b

  • SHA1

    ee64a916167c4e3790e238bc2c91ee2fd46a3652

  • SHA256

    479a38d36694b48372c4994002ae90cd991c217bf91fc98bb0eadd4399a8318d

  • SHA512

    5173bbaab41c0f82413d3e571948b1779bb012d9b13357a551b75ffb259f6e8b35f2c9bbd46c4b8a340d9c7b3f27a446e7da74d26b99d4a349d3f2704cb78a0d

  • SSDEEP

    98304:jjBxcO4EYTjmOxTPKvXhH1yjmOxTPKvXK1yjmOxTPKvXhPsY+dy0ZScIBqBT11o:jjBxcO4jjmUjNUjqsC

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 1 IoCs

    Persistence through a Registry Run key (ATT&CK T1547.001, Registry Run Keys / Startup Folder): the written value is executed again at the next logon.

  • Drops file in System32 directory 7 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Program crash 1 IoCs

    A process in the tree crashed and was handled by WerFault.exe; here WerFault.exe was started for PID 2088, the sample itself (see the process tree below).

  • NTFS ADS 64 IoCs

    Writes to NTFS alternate data streams (file:stream), which keeps the data out of ordinary directory listings and most file tools.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

    Writes into the memory of another process, the primitive behind most code-injection techniques.
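
The "UPX packed file" signature is described as covering both stock UPX and modified UPX builds. The script below is an added example, not the sandbox's own signature logic, showing the three checks such a signature typically combines: UPX0/UPX1 section names, the "UPX!" magic stock UPX writes after the section table, and a structural check that survives a modified packer which renames sections and strips the magic (an empty first section with SizeOfRawData 0 and a non-zero VirtualSize, the unpacking destination, followed by a high-entropy packed section). The PE images it scans are constructed in memory and labelled as such; they are not the sample from this report, and the entropy threshold of 7.0 is an assumption, not a value taken from the page.

```python
# Added example, not the sandbox's own signature code: three heuristics for
# "UPX packed file", including modified UPX builds that rename sections.
# The PE images are CONSTRUCTED in memory so this runs offline; they are not
# the sample from the report. The 7.0 entropy threshold is an assumption.
import hashlib
import math
import struct

COFF_HDR_SIZE = 20     # IMAGE_FILE_HEADER
SECTION_HDR_SIZE = 40  # IMAGE_SECTION_HEADER


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; compressed or encrypted payloads sit close to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table.
    Returns [(name, VirtualSize, SizeOfRawData, PointerToRawData), ...]."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + COFF_HDR_SIZE + opt_size
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HDR_SIZE
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _va, rsize, rptr = struct.unpack_from("<IIII", pe, off + 8)
        sections.append((name, vsize, rsize, rptr))
    return sections


def upx_indicators(pe: bytes) -> dict:
    """Which UPX heuristics fire. 'upx_structure' is the one that survives a
    modified packer: an empty first section (raw size 0, non-zero virtual size,
    the unpacking destination) followed by a high-entropy packed section."""
    secs = parse_sections(pe)
    hits = {
        "upx_section_names": any(s[0].upper().startswith("UPX") for s in secs),
        "upx_magic": b"UPX!" in pe,   # written by stock UPX after the section table
        "upx_structure": False,
    }
    if len(secs) >= 2:
        first, second = secs[0], secs[1]
        body = pe[second[3]:second[3] + second[2]]
        hits["upx_structure"] = first[2] == 0 and first[1] > 0 and shannon_entropy(body) > 7.0
    hits["packed"] = hits["upx_section_names"] or hits["upx_magic"] or hits["upx_structure"]
    return hits


def build_pe(sections, magic: bytes = b"") -> bytes:
    """CONSTRUCTED minimal PE32 image for testing: sections is a list of
    (name, VirtualSize, raw_bytes); an empty raw body gives SizeOfRawData 0."""
    opt_size, e_lfanew = 224, 0x40
    hdr_end = e_lfanew + 4 + COFF_HDR_SIZE + opt_size + SECTION_HDR_SIZE * len(sections)
    data_start = (hdr_end + len(magic) + 0x1FF) & ~0x1FF   # 512-byte file alignment
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    table, raw, ptr, va = b"", b"", data_start, 0x1000
    for name, vsize, body in sections:
        table += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", vsize, va, len(body), ptr if body else 0, 0, 0, 0, 0, 0x60000020)
        raw, ptr = raw + body, ptr + len(body)
        va += (max(vsize, len(body)) + 0xFFF) & ~0xFFF
    image = dos + b"PE\0\0" + coff + opt + table + magic
    return image.ljust(data_start, b"\0") + raw


def _pseudo_random(n: int, seed: bytes) -> bytes:
    """Deterministic high-entropy bytes (SHA-256 chain) standing in for packed code."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# CONSTRUCTED samples: stock UPX, a modified UPX build, and an unpacked binary.
PACKED_BODY = _pseudo_random(4096, b"constructed")
PLAIN_BODY = (b"\x55\x8b\xec\x83\xec\x10" + b"\x90" * 10) * 256   # repetitive, low entropy
STOCK_UPX = build_pe([(b"UPX0", 0x20000, b""), (b"UPX1", 0x1000, PACKED_BODY),
                      (b".rsrc", 0x1000, b"\0" * 512)], magic=b"UPX!")
MODIFIED_UPX = build_pe([(b".text", 0x20000, b""), (b".data", 0x1000, PACKED_BODY),
                         (b".rsrc", 0x1000, b"\0" * 512)])
UNPACKED = build_pe([(b".text", 0x1000, PLAIN_BODY), (b".data", 0x1000, b"\0" * 512)])

if __name__ == "__main__":
    for label, image in (("stock UPX", STOCK_UPX), ("modified UPX", MODIFIED_UPX),
                         ("unpacked", UNPACKED)):
        print(f"{label}: {upx_indicators(image)}")
```

To run the same checks against a real file, read it with `open(path, "rb").read()` and pass the bytes to `upx_indicators`. Section names and the magic are the cheap, high-confidence checks; the structural check is what catches a renamed build, but it can also fire on other packers that use an empty first section, so treat it as a packing indicator rather than a UPX-specific one.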

Processes

  • C:\Users\Admin\AppData\Local\Temp\41ab5171ab01c33b6ab3c99c0bbc238b.exe
    "C:\Users\Admin\AppData\Local\Temp\41ab5171ab01c33b6ab3c99c0bbc238b.exe"
    1⤵
    • Drops file in Drivers directory
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2088
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 2092
      2⤵
      • Program crash
      PID:2852

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe

    Filesize

    128KB

    MD5

    bea604bac5a3d158eda116b9bc05f3bb

    SHA1

    efcf7bdcb0f2c513aa30301487764e8fb776593d

    SHA256

    63fd697884eb5e7aa110951dcbc0e7e5081b91fe2fa267f0560b601cb43ba06c

    SHA512

    6ca72c09947cf5c81636be9fbc0f78bb2fdb6d39ea6973b5f6dce9f9435823105c28c42f1a3137e206ec1fc8d9b663ff60a66766bef2882b73df5969d7ef60a3

  • memory/2088-1-0x0000000000400000-0x0000000000450000-memory.dmp

    Filesize

    320KB

  • memory/2088-280-0x0000000000400000-0x0000000000450000-memory.dmp

    Filesize

    320KB