Overview

overview

7

Static

static

7

69dcc04191...21.exe

windows7-x64

7

69dcc04191...21.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    3s
  • max time network
    175s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    06-01-2024 20:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    69dcc0419197a78aaaa22f7fb2656221.exe

  • Size

    1.6MB

  • MD5

    69dcc0419197a78aaaa22f7fb2656221

  • SHA1

    f79b0054fd7bdec3fc64f1dabcd5e28ea585b3cc

  • SHA256

    3b9c9e21a7f30b7be69f57174eb88e049bc1d66cf70b8372a18871536b50bef2

  • SHA512

    975318ed4362df5c472ffce22463d454bdc7bad3eb71397512cd49866248cc9d68bb0f73205d3401528dfa82d4b8be6790b3f67d47cfed2285869b2962f792dd

  • SSDEEP

    24576:NSLzXfXTXa+3N2nNuyZMuXh8q2izf/Jfl0ArIzM85uIU8eX0Pysrjpfl:NwbXZkMgV2ijdPrIzhU8ekaUd

Score
7/10
persistenceupx

Malware Config

Signatures

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 3 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\69dcc0419197a78aaaa22f7fb2656221.exe
    "C:\Users\Admin\AppData\Local\Temp\69dcc0419197a78aaaa22f7fb2656221.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Users\Admin\AppData\Local\Temp\69dcc0419197a78aaaa22f7fb2656221.exe
      "C:\Users\Admin\AppData\Local\Temp\69dcc0419197a78aaaa22f7fb2656221.exe"
      2⤵
        PID:2832
        • C:\Users\Admin\AppData\Local\Temp\69dcc0419197a78aaaa22f7fb2656221.exe
          "C:\Users\Admin\AppData\Local\Temp\69dcc0419197a78aaaa22f7fb2656221.exe"
          3⤵
            PID:3060

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files\Windows Sidebar\Shared Gadgets\japanese trambling fetish lesbian .mpeg.exe
        Filesize

        1KB

        MD5

        dd766813048c50688a3264898fb546cc

        SHA1

        cca5b28ed0f0cd1a5225486958e86f48fcb20ca3

        SHA256

        fa5d45cb965c29e7a07a5f4714591d7469a87b0637b2c9648b89a23499af70fd

        SHA512

        85893deff357602777ff81209336eb448b9dffa353a232b9dbc61fba78bd66bdfbbfb4c42798ca3c28a52aa3563fc0e446fa4679ef6f70068f7af8958af6ba14

        Download Submit

      • memory/2832-6-0x0000000000400000-0x000000000041E000-memory.dmp

        Filesize

        120KB

        Download

      • memory/2832-55-0x0000000004900000-0x000000000491E000-memory.dmp

        Filesize

        120KB

        Download

      • memory/2832-97-0x0000000000400000-0x000000000041E000-memory.dmp

        Filesize

        120KB

        Download

      • memory/2832-99-0x0000000004900000-0x000000000491E000-memory.dmp

        Filesize

        120KB

        Download

      • memory/2916-0-0x0000000000400000-0x000000000041E000-memory.dmp

        Filesize

        120KB

        Download

      • memory/2916-5-0x0000000000560000-0x000000000057E000-memory.dmp

        Filesize

        120KB

        Download

      • memory/2916-95-0x0000000000400000-0x000000000041E000-memory.dmp

        Filesize

        120KB

        Download