Overview

overview

7

Static

static

7

a8b15ac4c3...81.exe

windows7-x64

7

a8b15ac4c3...81.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/01/2024, 12:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a8b15ac4c3c0dc0842e91c04c1b1313b8fc7a13aebe07062538853d94590d781.exe

  • Size

    536KB

  • MD5

    0ba3a9821815ed40b00d8929d75d6188

  • SHA1

    df20fba2725c2cc895e591de0392ce64dea280fd

  • SHA256

    a8b15ac4c3c0dc0842e91c04c1b1313b8fc7a13aebe07062538853d94590d781

  • SHA512

    aa68eb8ca8c56c78c450d49acfa19a78ea38ddecc4dfc365a8e326297141e7b90fe42775c1bfc98c68662160f4f42dee30defa2f7c276d6738981ba8e2fdc302

  • SSDEEP

    12288:Ghf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:GdQyDL9xp/BGA1RkmOkx2LF

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unexpected DNS network traffic destination 4 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a8b15ac4c3c0dc0842e91c04c1b1313b8fc7a13aebe07062538853d94590d781.exe
    "C:\Users\Admin\AppData\Local\Temp\a8b15ac4c3c0dc0842e91c04c1b1313b8fc7a13aebe07062538853d94590d781.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3036
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3036-25-0x00000000009F0000-0x0000000000AF2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3036-62-0x00000000009F0000-0x0000000000AF2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3036-45-0x00000000009F0000-0x0000000000AF2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3036-0-0x00000000009F0000-0x0000000000AF2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3036-31-0x00000000009F0000-0x0000000000AF2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3036-13-0x00000000009F0000-0x0000000000AF2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3036-26-0x00000000009F0000-0x0000000000AF2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3036-24-0x00000000009F0000-0x0000000000AF2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3348-4-0x0000000002EA0000-0x0000000002F19000-memory.dmp

    Filesize

    484KB

    Download

  • memory/3348-15-0x0000000002EA0000-0x0000000002F19000-memory.dmp

    Filesize

    484KB

    Download

  • memory/3348-3-0x0000000002B20000-0x0000000002B23000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3348-5-0x0000000002B20000-0x0000000002B23000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3348-6-0x0000000002EA0000-0x0000000002F19000-memory.dmp

    Filesize

    484KB

    Download