Analysis

  • max time kernel
    73s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/01/2024, 18:13

General

  • Target: df1b62964850a713bfdb276173fb0f48e76897b65958237569f5e6f95508c2e9.exe
  • Size: 274KB
  • MD5: 053bd76a9b99af4bc5344fc29deebb37
  • SHA1: 6e53159aa78fb5c3df129e7874c2f08c2eb8e117
  • SHA256: df1b62964850a713bfdb276173fb0f48e76897b65958237569f5e6f95508c2e9
  • SHA512: 8dc231fceef7766bff866347851c90fe38a9efc72bd879911fcb2efcb6ffa415b3318b0bcf90b141b5c650495e5906304e85f6feebdecc83fa67d0a0fcdefdb2
  • SSDEEP: 6144:tbTirrfykiiUjh6QH/cEOkCybEaQRXr9HNdvOa:tPcrfR6ZnOkx2LIa

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unexpected DNS network traffic destination 5 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\df1b62964850a713bfdb276173fb0f48e76897b65958237569f5e6f95508c2e9.exe
    "C:\Users\Admin\AppData\Local\Temp\df1b62964850a713bfdb276173fb0f48e76897b65958237569f5e6f95508c2e9.exe"
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2152

Network

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 8ce804e7bdae218b4788cde76d754b78
    SHA1: 07bc9a17c6d127e970eeb6ae5dcafb911071a683
    SHA256: 6774402e2ea1ae5f8cac4fde013c3c479699bb930848c9ee2192cb4290e33d21
    SHA512: 6d8e50edcb76ce0c296b69c97b634e565fa2801cd125a52c6266654ab7c6731d70e5fb18c414b6ff3ef7d5338a4768a0fc2b14de5f2b223f83dca50add62627e

  • C:\Users\Admin\AppData\Local\Temp\Tar5ED8.tmp
    Filesize: 50KB
    MD5: 5f7670508df706ea569e25c5269d7a4b
    SHA1: 7e59ebd3a151b371b0975482c44bbcc50296a5bb
    SHA256: 5f32dac19d9d36312b349eb7391162b78537a3f030c467f76177646e111fd6d9
    SHA512: 44bb41414dd9077eff16237cfbe8b791067d1552b0a5f7e6c377a7081e77bb4df49ef2f6ff3184da25984dee50103f9b07704aacdc856bd01a9ab226bba9b28c

  • memory/2152-0-0x0000000000B10000-0x0000000000B9C000-memory.dmp
    Filesize: 560KB

  • memory/2152-21-0x0000000000B10000-0x0000000000B9C000-memory.dmp
    Filesize: 560KB

  • memory/2152-27-0x0000000000B10000-0x0000000000B9C000-memory.dmp
    Filesize: 560KB

  • memory/2152-112-0x0000000000B10000-0x0000000000B9C000-memory.dmp
    Filesize: 560KB

  • memory/2152-115-0x0000000000B10000-0x0000000000B9C000-memory.dmp
    Filesize: 560KB

  • memory/2152-225-0x0000000000B10000-0x0000000000B9C000-memory.dmp
    Filesize: 560KB