Overview

overview

7

Static

static

7

11ef503ede...2a.exe

windows7-x64

7

11ef503ede...2a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/01/2024, 12:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    11ef503edefacff46dd3db9a1cd2033be47b96aa0dcc59c21fb22b4935018e2a.exe

  • Size

    536KB

  • MD5

    58544e8ff981e7c032a7da6a26e0720c

  • SHA1

    0cbeb0d3106825854f40bc25b0249c8de3e26f1d

  • SHA256

    11ef503edefacff46dd3db9a1cd2033be47b96aa0dcc59c21fb22b4935018e2a

  • SHA512

    8d94cbf28e098de4d9ad36262e1c1725b66bb21dfe73130d670e1f39c9680fb0fa492da1209e6f9c21f2af16bcac03e037680969b2eb4c69792b0f763ca57b51

  • SSDEEP

    12288:Zhf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:ZdQyDL9xp/BGA1RkmOkx2LF

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unexpected DNS network traffic destination 4 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3420
    • C:\Users\Admin\AppData\Local\Temp\11ef503edefacff46dd3db9a1cd2033be47b96aa0dcc59c21fb22b4935018e2a.exe
      "C:\Users\Admin\AppData\Local\Temp\11ef503edefacff46dd3db9a1cd2033be47b96aa0dcc59c21fb22b4935018e2a.exe"
      2⤵
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046
    Filesize

    1KB

    MD5

    2057022029ea6edfa4a9b4b5e4fcdd93

    SHA1

    ff0f42b360e42def4986b94ff26c7428969ccf5c

    SHA256

    380962acffbedaaaf70faabba316377d436eb5e3cefbed011747c51fcf732eaa

    SHA512

    203794643dbb56546d5d5c58bac7163e40f9563d6127c82a2e0c0e4f479af86a2593ffff6bf2e4d1028ef509caba0a2cb8e1bcef47af9e46254d07913d970f4f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\81B9B36F9ABC4DA631A4713EE66FAEC6_3AF0FDC80EA858911339035786739FF3
    Filesize

    938B

    MD5

    a43f96ee122c21c9d32e2845dfc63f6f

    SHA1

    92cb0061bbcb99a88bbe09075af3e06a6016bef0

    SHA256

    fd0437555027595676c3854d83879c206390827812f3676fe32ef3cfe8a4d4c0

    SHA512

    26f4a64a23ad812af33e80a5dbe6ecfc9d35e55296ab81f07824e7683bb7e4f0ca6897ec10e425b2d8b22b087b8068f97b93fabda84ceaa7062c131aab847430

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046
    Filesize

    502B

    MD5

    c29309b128f2c635b012a9ce3de003ee

    SHA1

    3ed98ae049aad50ebf80a2362ab8f89e35673ae3

    SHA256

    4fbf6a60211a99fd4df848dc925f2cb53887afce36d31eeed08286959dd4cda3

    SHA512

    e38a87081b9912e40bf2fe8d6e85f8fdb6186685605d67359da2c5b55d2d9e699de48eb07b226e51429b67d8dcf143f6a3843f0e4093ffb31e2484a239d9b679

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\81B9B36F9ABC4DA631A4713EE66FAEC6_3AF0FDC80EA858911339035786739FF3
    Filesize

    520B

    MD5

    1c3698bae8af844d9da45739d3a7f098

    SHA1

    38394f49b30c388299ff640a1e29fc744737087f

    SHA256

    deccb897b043eeffe1e555f4d513b0853e4a929974008fa4f3309c44c93d19e4

    SHA512

    8f3a5bfd47c4ea7a0762bae4cfdf2a219305206228327d44fb94c6979350022f33eaaf2101b9f4d6e1d6bad9fe507d5ecd11a4fa77beaeeb1600269a0a384cd1

    Download Submit

  • C:\Windows\443520
    Filesize

    4KB

    MD5

    53a91d84857202dd10ca86ac4a975bad

    SHA1

    2d47dde924afd9b28af9efa752d980b6ee7709c7

    SHA256

    521a059fa3054a252366ea99e6a1ebdac53bbff5cea954b76d25a5f7cf2e48ec

    SHA512

    a38d866c769d1c17772ad8a94a78de717b227c8e4811c866396d4c4795f8a8adeffa5a6d98a59b90316d5483a7906a1f40652c2e32d9520213889570fdaa471b

    Download Submit

  • memory/3420-4-0x0000000002BE0000-0x0000000002C59000-memory.dmp

    Filesize

    484KB

    Download

  • memory/3420-16-0x0000000002BE0000-0x0000000002C59000-memory.dmp

    Filesize

    484KB

    Download

  • memory/3420-5-0x0000000002AC0000-0x0000000002AC3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3420-7-0x0000000002BE0000-0x0000000002C59000-memory.dmp

    Filesize

    484KB

    Download

  • memory/3420-3-0x0000000002AC0000-0x0000000002AC3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3984-14-0x0000000000990000-0x0000000000A92000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3984-0-0x0000000000990000-0x0000000000A92000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3984-25-0x0000000000990000-0x0000000000A92000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3984-29-0x0000000000990000-0x0000000000A92000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3984-39-0x0000000000990000-0x0000000000A92000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3984-59-0x0000000000990000-0x0000000000A92000-memory.dmp

    Filesize

    1.0MB

    Download