Overview

overview

7

Static

static

7

468cd5264e...c1.exe

windows7-x64

7

468cd5264e...c1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-01-2024 15:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    468cd5264e36e1cf57422654adbee8c1.exe

  • Size

    6.9MB

  • MD5

    468cd5264e36e1cf57422654adbee8c1

  • SHA1

    10690c6d6a3af752b3653e374bd17acea04b0398

  • SHA256

    21cc88a1921cee2e32922bb7ac9cc9b94245feff9e6dd80a71aac4b8f6a36251

  • SHA512

    848fb46d9e14be6869d4a1ff5170ebaffe417cf2ae4766c0ce900a66a6fc40d4c111f5776c00247fc25f4b31baad43fdff0d1d35b63aa7dadf9af5af5306d010

  • SSDEEP

    196608:CyjxfzcW17/FdDGmUSDcM0kltRBhs+9tKZlcVmJC:PNbcW17bGmboM0klH/izcVm

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 4 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\468cd5264e36e1cf57422654adbee8c1.exe
    "C:\Users\Admin\AppData\Local\Temp\468cd5264e36e1cf57422654adbee8c1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2240
    • C:\Users\Admin\AppData\Local\Temp\468cd5264e36e1cf57422654adbee8c1.exe
      "C:\Users\Admin\AppData\Local\Temp\468cd5264e36e1cf57422654adbee8c1.exe"
      2⤵
      • Enumerates connected drives
      • Checks processor information in registry
      • Enumerates system info in registry
      PID:3020

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2240-12-0x0000000000400000-0x0000000001450000-memory.dmp

    Filesize

    16.3MB

    Download

  • memory/2240-1-0x00000000001D0000-0x00000000001D3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2240-2-0x0000000010000000-0x0000000010766000-memory.dmp

    Filesize

    7.4MB

    Download

  • memory/2240-4-0x0000000010000000-0x0000000010766000-memory.dmp

    Filesize

    7.4MB

    Download

  • memory/2240-7-0x0000000010000000-0x0000000010766000-memory.dmp

    Filesize

    7.4MB

    Download

  • memory/2240-10-0x0000000010000000-0x0000000010766000-memory.dmp

    Filesize

    7.4MB

    Download

  • memory/2240-0-0x0000000000400000-0x0000000001450000-memory.dmp

    Filesize

    16.3MB

    Download

  • memory/3020-24-0x0000000000400000-0x0000000000A49000-memory.dmp

    Filesize

    6.3MB

    Download

  • memory/3020-13-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3020-17-0x0000000001450000-0x00000000016D5000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3020-19-0x0000000001450000-0x00000000016D5000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3020-22-0x0000000004730000-0x0000000004733000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3020-20-0x0000000001450000-0x00000000016D5000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3020-23-0x0000000000400000-0x0000000000A49000-memory.dmp

    Filesize

    6.3MB

    Download

  • memory/3020-18-0x0000000001EC0000-0x0000000001EC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3020-27-0x0000000005370000-0x0000000005371000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3020-26-0x0000000001E80000-0x0000000001E81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3020-25-0x0000000000400000-0x0000000000A49000-memory.dmp

    Filesize

    6.3MB

    Download

  • memory/3020-21-0x0000000003A40000-0x0000000003A41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3020-15-0x0000000001450000-0x00000000016D5000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3020-11-0x0000000000400000-0x0000000000A49000-memory.dmp

    Filesize

    6.3MB

    Download

  • memory/3020-9-0x0000000001450000-0x00000000016D5000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3020-29-0x0000000001450000-0x00000000016D5000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3020-30-0x0000000003870000-0x0000000003871000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3020-32-0x0000000001450000-0x00000000016D5000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3020-31-0x0000000000400000-0x0000000000A49000-memory.dmp

    Filesize

    6.3MB

    Download

  • memory/3020-34-0x0000000003A40000-0x0000000003A41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3020-35-0x0000000004730000-0x0000000004733000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3020-37-0x0000000005370000-0x0000000005371000-memory.dmp

    Filesize

    4KB

    Download