Overview

overview

7

Static

static

7

e3790ab291...a7.exe

windows7-x64

7

e3790ab291...a7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    163s
  • max time network
    180s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/01/2024, 12:43

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e3790ab291d06a1fee03b18270486c6bbe228d0b3fb609c0820f4f38d09d86a7.exe

  • Size

    536KB

  • MD5

    c0e2540d8deb66835f78d44df8a90098

  • SHA1

    10bb2b3e3139671704deb9833b101f4b3d5b7de0

  • SHA256

    e3790ab291d06a1fee03b18270486c6bbe228d0b3fb609c0820f4f38d09d86a7

  • SHA512

    f2a7bddc5c09c99698ae01af0854ed4bd13937c867900c204e5fca6482f3032e685b1c9d5bedc8fe950f7f08b22371dcb55e1dcdf66a0c7d5ba4bcc6c28e6ef3

  • SSDEEP

    12288:Lhf0Bs9bDDq9huzJgIJzgXaEw9Stu/aB9a/Okx2LIa:LdQyDLzJTveuK0/Okx2LF

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unexpected DNS network traffic destination 4 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of UnmapMainImage
    PID:3520
    • C:\Users\Admin\AppData\Local\Temp\e3790ab291d06a1fee03b18270486c6bbe228d0b3fb609c0820f4f38d09d86a7.exe
      "C:\Users\Admin\AppData\Local\Temp\e3790ab291d06a1fee03b18270486c6bbe228d0b3fb609c0820f4f38d09d86a7.exe"
      2⤵
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4360

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046
          Filesize

          1KB

          MD5

          0fd37457356cb7e5b540cbf9f2994f11

          SHA1

          70cb5723cd1016993535e021df7d2368b13c4711

          SHA256

          f6b81f04024798caabed4299d5ee85e30f1a8d5c1171dcce0c950714c71fb2d5

          SHA512

          fb67b5a7a0423c33a5b10879d359b4c3ddf0355d00a9be377f5ee3e636665db87cf74b202e276a37691106a71c411b96291c82202e7699cf71d43c061e6002d8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\81B9B36F9ABC4DA631A4713EE66FAEC6_D440AC65793A7BBE167BE882B99F465E
          Filesize

          937B

          MD5

          2b8f154a1ad8e38564c8eddc9f79e98c

          SHA1

          184408041346bbebcb6127ae1cf1b756c3e8b5fd

          SHA256

          607a7b2d77cc24953f760e41853852bc7df90580f76d60a2818cc755cf7a12b5

          SHA512

          634b49a51f0098ca41a208f3b95b85e19bcc87951f528d750afa1d132e2b6beceea52f5dd8ca358a8d9ef898087a55fdebfcb8fc60d8a1ff53066c2296637bd7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046
          Filesize

          502B

          MD5

          050dff69aa3513166f848e35edc3a9ed

          SHA1

          f5a375734109b633e178b5504653a640eee60863

          SHA256

          af34f0fc0a40b54ada7d94c40d57d59b7fe4480a26dadf82e6481ac04e056f7a

          SHA512

          a1b8a030996f399afedbcf7ad9e80a121d9b9bd8e9431c9e504a3c2eeca84b4327d4feb30aa1e845fb2b1a60a1f498346d56c8ec308f6469b747491fdd5e6500

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\81B9B36F9ABC4DA631A4713EE66FAEC6_D440AC65793A7BBE167BE882B99F465E
          Filesize

          520B

          MD5

          369d3a1b4a24985d7651490d6b4e24a4

          SHA1

          2dbb1adb6927147083a663405bf67d75177bfa4a

          SHA256

          fec360d7735ca5c2ac9c8a9088a00f469f49732c104cc432afb412ffd175bb42

          SHA512

          089a03624bae62abed88b43d3a210031518818f6a5f36b4bb6407d132619a4b4b1757ee84ae6c09a18669bd3c6dcbc880d4267bfd18dbfc709ca0e77e1052a04

          Download Submit

        • memory/3520-7-0x0000000002800000-0x0000000002803000-memory.dmp

          Filesize

          12KB

          Download

        • memory/3520-8-0x0000000008280000-0x00000000082F9000-memory.dmp

          Filesize

          484KB

          Download

        • memory/3520-17-0x0000000008280000-0x00000000082F9000-memory.dmp

          Filesize

          484KB

          Download

        • memory/3520-5-0x0000000008280000-0x00000000082F9000-memory.dmp

          Filesize

          484KB

          Download

        • memory/3520-3-0x0000000002800000-0x0000000002803000-memory.dmp

          Filesize

          12KB

          Download

        • memory/4360-20-0x0000000000140000-0x0000000000242000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/4360-0-0x0000000000140000-0x0000000000242000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/4360-4-0x0000000000140000-0x0000000000242000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/4360-30-0x0000000000140000-0x0000000000242000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/4360-31-0x0000000000140000-0x0000000000242000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/4360-36-0x0000000000140000-0x0000000000242000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/4360-48-0x0000000000140000-0x0000000000242000-memory.dmp

          Filesize

          1.0MB

          Download