04fea0668ffa1613be5f052755c88fbbe72ea47ddcc0d808771939c38a9e8f9a

Analysis

max time kernel
0s
max time network
55s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2024, 21:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4c7ae700358aad423ddc5196d3c03618.exe
Size

186KB
MD5

4c7ae700358aad423ddc5196d3c03618
SHA1

934950ec62a96deff378825ec51b4455dea45c60
SHA256

04fea0668ffa1613be5f052755c88fbbe72ea47ddcc0d808771939c38a9e8f9a
SHA512

446a8e25ab6ba05c0e6c50719b620f8d8cc7d18d06f874a6b9aba73d1250022207842671e5d91f9653c06d79c82704a411748c40d72fb5b210784f58c00b0500
SSDEEP

3072:vXsEMh4Qi7+x8a4f58GgyQl3RGzD6uiushKnsQjY4PwUsOUIgESo6OJ4:vXsEHQiI8acMlAsuY0OUhzSoY

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3980-0-0x0000000000FF0000-0x0000000001069000-memory.dmp	upx
behavioral2/memory/3980-20-0x0000000000FF0000-0x0000000001069000-memory.dmp	upx
behavioral2/memory/3980-23-0x0000000000FF0000-0x0000000001069000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\4c7ae700358aad423ddc5196d3c03618.exe
"C:\Users\Admin\AppData\Local\Temp\4c7ae700358aad423ddc5196d3c03618.exe"
1⤵
PID:3980
- C:\Users\Admin\AppData\Local\Temp\n3957\ins3957.exe
  "C:\Users\Admin\AppData\Local\Temp\n3957\ins3957.exe" ins.exe /e11736288 /u50d1d9d5-cf90-407c-820a-35e05bc06f2f
  2⤵
  PID:5108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\n3957\ins3957.exe

Filesize
59KB

MD5
abcbd3cbbd6b7d060181c4a62a1e0406

SHA1
54bae7af22a005023a17ff009263dd1f6500eacb

SHA256
ec8aeb7427059d1e757f85476e3d25d0598a3d67de7dab1139284d355ccb9f01

SHA512
36f806b2e36100af8f9bdadf48722ca1d1c6a79a915715a53ab898757aed3549640763e522746c968d98692537fc3ea97ae1b418cd0422772fc919881ac27aa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\n3957\ins3957.exe

Filesize
49KB

MD5
c5cef735e2bbb4ed20cac93baa55a382

SHA1
81a534f22dac4ce67bdb27117e0413bd0860c047

SHA256
acd91b1d4c2aa58a04d6c30dd18c3a65a2526d6c75e05a44bc57d5d4a29d26e8

SHA512
c5c1735b0046a8b8c683c0554b34182a5fe4e1ec191c3445570b31ab2839169ac3b5efad7a2c1f3d33c485783529ee68e51ac6b4f391cad0b7464d8c2da0e416

Download Submit
C:\Users\Admin\AppData\Local\Temp\n3957\ins3957.exe

Filesize
66KB

MD5
d2c181b2c1263035feb0276fa46edbc9

SHA1
7963961ab3943a7fe94b02fa5fed95180a86801a

SHA256
aeea18af65e2d05aa72cae5228cbbfe17af39e79349de28e850b74676f0f4257

SHA512
be67b1881ca18ff040437ad9d5714cee69efb93b743128605babcf8debbc85c945175b333acdff37e5537bf738d625ff28f0892d0b66aa81a32354da819ff2cf

Download Submit
memory/3980-0-0x0000000000FF0000-0x0000000001069000-memory.dmp

Filesize
484KB

Download
memory/3980-23-0x0000000000FF0000-0x0000000001069000-memory.dmp

Filesize
484KB

Download
memory/3980-20-0x0000000000FF0000-0x0000000001069000-memory.dmp

Filesize
484KB

Download
memory/5108-12-0x00000000735F0000-0x0000000073BA1000-memory.dmp

Filesize
5.7MB

Download
memory/5108-17-0x0000000001130000-0x0000000001140000-memory.dmp

Filesize
64KB

Download
memory/5108-18-0x0000000001130000-0x0000000001140000-memory.dmp

Filesize
64KB

Download
memory/5108-19-0x0000000001130000-0x0000000001140000-memory.dmp

Filesize
64KB

Download
memory/5108-13-0x00000000735F0000-0x0000000073BA1000-memory.dmp

Filesize
5.7MB

Download
memory/5108-22-0x00000000735F0000-0x0000000073BA1000-memory.dmp

Filesize
5.7MB

Download
memory/5108-14-0x0000000001130000-0x0000000001140000-memory.dmp

Filesize
64KB

Download