Analysis

  • max time kernel
    94s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    08/01/2024, 03:40

General

  • Target

    4a5783b883b52012f1b0c2852f4f71c3.exe

  • Size

    661KB

  • MD5

    4a5783b883b52012f1b0c2852f4f71c3

  • SHA1

    87109375237f028d3a567cd7e0f030619dcc4a05

  • SHA256

    21162829c287f0ffacaa0f31372995b2b78c873cea38785b1eaa89c93b33d26a

  • SHA512

    c16fecf77e0a404f4d01130b41d1f1cbdf39c6be48436b17744b034e85d446de03f776f55868e3d0e353a3ceeafcfbea477d734de8759f4ccfb2b54cf81694e3

  • SSDEEP

    12288:mSI2A2u/WGo+n31k1OxVGL5xLz7MGuU/YuLW4htuM7Cy90Xg:XI72u/WGo41kSGtx37rYuLoyYg

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 16 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 7 IoCs
  • Modifies registry class 44 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a5783b883b52012f1b0c2852f4f71c3.exe
    "C:\Users\Admin\AppData\Local\Temp\4a5783b883b52012f1b0c2852f4f71c3.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2600
    • C:\Users\Admin\AppData\Local\Temp\4a5783b883b52012f1b0c2852f4f71c3.exe
      "C:\Users\Admin\AppData\Local\Temp\4a5783b883b52012f1b0c2852f4f71c3.exe" /adm /recovermode
      2⤵
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1456

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1456-14-0x0000000001090000-0x0000000001250000-memory.dmp

          Filesize

          1.8MB

        • memory/1456-27-0x0000000001090000-0x0000000001250000-memory.dmp

          Filesize

          1.8MB

        • memory/1456-26-0x0000000001090000-0x0000000001250000-memory.dmp

          Filesize

          1.8MB

        • memory/1456-25-0x0000000001090000-0x0000000001250000-memory.dmp

          Filesize

          1.8MB

        • memory/1456-19-0x0000000001090000-0x0000000001250000-memory.dmp

          Filesize

          1.8MB

        • memory/1456-18-0x0000000001090000-0x0000000001250000-memory.dmp

          Filesize

          1.8MB

        • memory/2600-8-0x0000000001090000-0x0000000001250000-memory.dmp

          Filesize

          1.8MB

        • memory/2600-11-0x0000000001090000-0x0000000001250000-memory.dmp

          Filesize

          1.8MB

        • memory/2600-12-0x0000000001090000-0x0000000001250000-memory.dmp

          Filesize

          1.8MB

        • memory/2600-13-0x0000000001090000-0x0000000001250000-memory.dmp

          Filesize

          1.8MB

        • memory/2600-10-0x0000000001090000-0x0000000001250000-memory.dmp

          Filesize

          1.8MB

        • memory/2600-9-0x0000000001090000-0x0000000001250000-memory.dmp

          Filesize

          1.8MB

        • memory/2600-0-0x0000000001090000-0x0000000001250000-memory.dmp

          Filesize

          1.8MB

        • memory/2600-5-0x0000000001090000-0x0000000001250000-memory.dmp

          Filesize

          1.8MB

        • memory/2600-4-0x0000000001090000-0x0000000001250000-memory.dmp

          Filesize

          1.8MB

        • memory/2600-3-0x0000000001090000-0x0000000001250000-memory.dmp

          Filesize

          1.8MB