Analysis

  • max time kernel
    13s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64  arch:x86  image:win7-20231215-en  locale:en-us  os:windows7-x64  system
  • submitted
    10/01/2024, 06:19

General

  • Target

    4fd0368a5c08dffe2002474254e3298a.exe

  • Size

    443KB

  • MD5

    4fd0368a5c08dffe2002474254e3298a

  • SHA1

    80f73eca064862aeb0f52081c84bbfddcaa8b438

  • SHA256

    aaabe3e2839e20b546e0ff144043ec6d185e82163554ef1b7c417e9032709e87

  • SHA512

    bc194d42969a2bb4801ac26e66bb6a1d8a03f8ef6d89c43e7ab427af1deb335931b580deea376e5b63f6a1d337367cbe18389bd53ad3a9574d0ae1138dd18c19

  • SSDEEP

    12288:nV/V1niLrRIRkB9sauAmApRCz7XaV7DxJpLRQ+bq5:58dIRkBjuLApYQjDFm

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
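
The "UPX packed file" signature above fires on the section layout that stock and lightly modified UPX builds leave behind, not on the packer's name string alone. The following is an added example (not the sandbox's own signature logic) of how such a check can be reproduced offline: a minimal PE section-table parser, a byte-entropy measure, and three indicators (UPX-named sections; a first section with virtual size but no raw data, which is the unpacking target; a large near-random section holding the compressed payload). The three PE images it runs on are constructed in memory for the demo and are not the sample from this report; the `_pe_image` builder and all thresholds are this example's own choices.

```python
import hashlib
import math
import struct


def _pe_image(sections, optional_header_size=0xE0):
    """Build a minimal PE image for the demo: DOS stub, PE signature, COFF header,
    a zeroed optional header, the section table and the raw section data.
    `sections` is a list of (name, VirtualSize, raw bytes); an empty raw part gives
    a section with SizeOfRawData == 0, as UPX0 has in a UPX-packed file."""
    coff_off = 0x40
    table_off = coff_off + 4 + 20 + optional_header_size
    raw_off = table_off + 40 * len(sections)
    hdr = bytearray(b"MZ" + b"\x00" * 0x3A + struct.pack("<I", coff_off))
    hdr += b"PE\x00\x00"
    # Machine=i386, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (executable, 32-bit)
    hdr += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, optional_header_size, 0x102)
    hdr += b"\x00" * optional_header_size
    raw = bytearray()
    va = 0x1000
    for name, vsize, data in sections:
        ptr = raw_off + len(raw) if data else 0
        hdr += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\x00"), vsize, va,
                           len(data), ptr, 0, 0, 0, 0, 0x60000020)
        raw += data
        va += (max(vsize, len(data)) + 0xFFF) & ~0xFFF
    return bytes(hdr + raw)


def pe_sections(image):
    """Return the section table as dicts with name, VirtualSize, SizeOfRawData and raw bytes."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[:2] != b"MZ" or image[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + opt_size
    out = []
    for i in range(nsec):
        name, vsize, _va, rawsize, rawptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        out.append({"name": name.rstrip(b"\x00").decode("ascii", "replace"),
                    "vsize": vsize, "rawsize": rawsize,
                    "data": image[rawptr:rawptr + rawsize] if rawsize else b""})
    return out


def entropy(data):
    """Shannon entropy in bits per byte (0.0 for constant data, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(image):
    """Return the UPX-style packing traits found; an empty list means none were seen."""
    secs = pe_sections(image)
    names = [s["name"] for s in secs]
    found = []
    if any(n.upper().startswith("UPX") for n in names):
        found.append("UPX section names: " + ", ".join(names))
    # A renamed UPX keeps the layout: the first section is reserved (VirtualSize > 0)
    # but stores nothing on disk, because the stub unpacks into it at run time.
    if secs and secs[0]["rawsize"] == 0 and secs[0]["vsize"] > 0:
        found.append("first section has no raw data (VirtualSize=0x%x)" % secs[0]["vsize"])
    # The compressed payload section is close to random.
    high = [s["name"] for s in secs if s["rawsize"] >= 1024 and entropy(s["data"]) > 7.0]
    if high:
        found.append("high-entropy section(s): " + ", ".join(high))
    return found


def is_upx_packed(image):
    return len(upx_indicators(image)) > 0


# Constructed inputs. _PAYLOAD is 4 KiB of SHA-256 output (deterministic, near-random);
# _CODE is a repetitive low-entropy byte pattern standing in for ordinary code.
_PAYLOAD = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(128))
_CODE = b"\x55\x8b\xec\x83\xec\x10\x90" * 600
UPX_LIKE = _pe_image([("UPX0", 0x8000, b""), ("UPX1", 0x2000, _PAYLOAD), (".rsrc", 0x1000, b"\x00" * 512)])
RENAMED_UPX = _pe_image([(".text", 0x8000, b""), (".data", 0x2000, _PAYLOAD)])
PLAIN = _pe_image([(".text", 0x1000, _CODE), (".data", 0x200, b"\x00" * 512)])

if __name__ == "__main__":
    for label, img in (("UPX_LIKE", UPX_LIKE), ("RENAMED_UPX", RENAMED_UPX), ("PLAIN", PLAIN)):
        print(label, upx_indicators(img))
```

The layout and entropy traits are what catch a UPX build whose section names were edited, which is why the signature text says "UPX/modified UPX". They are still heuristics: a legitimately UPX-compressed utility trips them too, and a large compressed resource section can push the entropy trait on its own, so treat the signature as "packed" rather than "malicious" and confirm by unpacking (`upx -d` succeeds on stock UPX and fails on most modified builds).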

Processes

  • C:\Users\Admin\AppData\Local\Temp\4fd0368a5c08dffe2002474254e3298a.exe
    "C:\Users\Admin\AppData\Local\Temp\4fd0368a5c08dffe2002474254e3298a.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\ProgramData\bEgEjMa07000\bEgEjMa07000.exe
      "C:\ProgramData\bEgEjMa07000\bEgEjMa07000.exe" "C:\Users\Admin\AppData\Local\Temp\4fd0368a5c08dffe2002474254e3298a.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:2080
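
The process tree shows the classic drop-and-relaunch shape: the submitted file in the user's Temp directory writes a copy under C:\ProgramData\<name>\<name>.exe and starts it, passing its own path as the only argument. Below is an added example (not the sandbox's detection logic) of turning those three traits into a rule over process-creation events. The event records are constructed here, modelled on the fields of a Sysmon Event ID 1 record; the first two reproduce the tree above (PIDs 2180 and 2080), while the explorer.exe parent, its PID 1424 and the updater.exe event are invented as benign contrast.

```python
import ntpath
import re

# Constructed process-creation events (Sysmon Event ID 1 field names). Only the two
# entries for PIDs 2180 and 2080 come from the report; the rest is invented for contrast.
EVENTS = [
    {"ProcessId": 2180, "ParentProcessId": 1424,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\4fd0368a5c08dffe2002474254e3298a.exe",
     "CommandLine": r'"C:\Users\Admin\AppData\Local\Temp\4fd0368a5c08dffe2002474254e3298a.exe"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"ProcessId": 2080, "ParentProcessId": 2180,
     "Image": r"C:\ProgramData\bEgEjMa07000\bEgEjMa07000.exe",
     "CommandLine": r'"C:\ProgramData\bEgEjMa07000\bEgEjMa07000.exe" '
                    r'"C:\Users\Admin\AppData\Local\Temp\4fd0368a5c08dffe2002474254e3298a.exe"',
     "ParentImage": r"C:\Users\Admin\AppData\Local\Temp\4fd0368a5c08dffe2002474254e3298a.exe"},
    {"ProcessId": 3012, "ParentProcessId": 1424,
     "Image": r"C:\ProgramData\Vendor\bin\updater.exe",
     "CommandLine": r'"C:\ProgramData\Vendor\bin\updater.exe" /silent',
     "ParentImage": r"C:\Windows\explorer.exe"},
]

TEMP_DIR_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
PROGRAMDATA_RE = re.compile(r"^[a-z]:\\programdata\\(.+)$", re.I)


def command_line_args(cmdline):
    """Split a Windows command line on whitespace, keeping double-quoted arguments intact."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmdline)]


def drop_and_relaunch_findings(event):
    """Traits of 'dropper copies itself under ProgramData and relaunches the copy'.
    Returns the matched traits; an empty list means the event is not of interest."""
    image, parent = event["Image"], event["ParentImage"]
    m = PROGRAMDATA_RE.match(image)
    if not m:
        return []
    parts = m.group(1).split("\\")
    stem, ext = ntpath.splitext(parts[-1])
    if ext.lower() != ".exe":
        return []
    findings = []
    # C:\ProgramData\<name>\<name>.exe: folder and executable share a (generated) name.
    if len(parts) >= 2 and parts[-2].lower() == stem.lower():
        findings.append("executable sits in a ProgramData folder of the same name")
    if TEMP_DIR_RE.match(parent):
        findings.append("parent executable runs from the user's Temp directory")
    # The copy is told where the original lives (commonly so it can remove it).
    args = [a.lower() for a in command_line_args(event["CommandLine"])[1:]]
    if parent.lower() in args:
        findings.append("parent's own path is passed to the child as an argument")
    return findings


def suspicious_events(events, min_findings=2):
    """Events matching at least `min_findings` traits, as (ProcessId, findings) pairs."""
    flagged = []
    for event in events:
        findings = drop_and_relaunch_findings(event)
        if len(findings) >= min_findings:
            flagged.append((event["ProcessId"], findings))
    return flagged


if __name__ == "__main__":
    for pid, findings in suspicious_events(EVENTS):
        print(pid, "->", "; ".join(findings))
```

Requiring two of the three traits keeps vendor updaters that legitimately live under ProgramData out of the result; a single trait is too weak on its own. Passing the original's path to the copy is commonly done so the copy can delete the original, but this report does not show whether that happens here, so the rule only records the argument. Note also that the "Downloads" list further down carries five entries for the same dropped path with different sizes and hashes; such entries are typically snapshots of the file at different points of being written, so none of them should be taken as the dropped executable's final hash without checking the file on disk.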

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\ProgramData\bEgEjMa07000\bEgEjMa07000.exe

          Filesize

          59KB

          MD5

          85e65ffd04ebe372ebb6de97dfe4a5b0

          SHA1

          e53dd89e5b4fc9f2851c1a4c5aee2d0e788f6163

          SHA256

          cd382a98902204af66c117604f49882e21ccabfe4bd44e6af6a0fcc95698e223

          SHA512

          6dd1fd4d55563c22d0ec00faffd2e590aa478e95c34cbf30ba90d054da8f96ed02b76383c69c9c73f868c665b477b01337ea885025a0d740f73334e8303eace5

        • C:\ProgramData\bEgEjMa07000\bEgEjMa07000.exe

          Filesize

          108KB

          MD5

          4af148896ad8510c1ce4ddc4f66484f4

          SHA1

          9c1a22850c65bf4fdba00af3dc40943f8673a74c

          SHA256

          220e0823d0525ad4afedccf1c1c3ed4ddc1df1bc81a319eca03ddac4435b8b8a

          SHA512

          41c769111f1ed50daf316bdd3a6c5f29a7d208bbc82641b730007b4a4c2c634f3b980531f1f8df0fd845ed801b71b5353930c8423ab1c15d87ae4ec477fc9be0

        • C:\ProgramData\bEgEjMa07000\bEgEjMa07000.exe

          Filesize

          52KB

          MD5

          2745bde27b6c1b0e5b7b5358219320a6

          SHA1

          250d09e18bdcf4265d1e915bc3f196f96de80920

          SHA256

          539a150c439bf245bc2a668358bc99602f044d14fd4106709c2a132d07bca5cd

          SHA512

          5f49b37628f0c8ae2b3406e22561020ec3a5674cb4bd577ce13b80f38fc064a9a64401a354131ec6f40044da5fc1e308c267f7631e9ba6ff934ef824d73a63f1

        • \ProgramData\bEgEjMa07000\bEgEjMa07000.exe

          Filesize

          19KB

          MD5

          8ca4098a64a8896b0071c0ed81b18172

          SHA1

          25ab1f7df7151163c1678fca98fbc160f75b022b

          SHA256

          748086bb4c088a067f5f56f9c65de1f95af0e8464244092436fc73d64dbb8fc1

          SHA512

          42605a49c4602c5ecabaa49addb35f4c84f307d5fc1bb5b57b0433d23ab2df162c1ef2a4d75f8b77cc4a41f58b0313f0c7713f00d4bf76ad79ebcb1566dbba95

        • \ProgramData\bEgEjMa07000\bEgEjMa07000.exe

          Filesize

          64KB

          MD5

          0e33f8638b51051ce792a2e56e3e53a1

          SHA1

          ee216451f301424b1fa388ac1054d12a95a5c4b8

          SHA256

          f4f77ac5aa6346cfd367787751789b468e645d6f6053d4ee99cc8da8ea2d07a8

          SHA512

          9ea1da584fd9effdf41458df309ceeb5e8350cf780553ddcae719b05172a17c18825d7d77e7a5fe6e8c5411220d9b2c5222675779ea9bfd1ca71332ef0fb5092

        • memory/2080-22-0x0000000000400000-0x00000000004B9000-memory.dmp

          Filesize

          740KB

        • memory/2080-16-0x0000000000400000-0x00000000004B9000-memory.dmp

          Filesize

          740KB

        • memory/2080-17-0x0000000000260000-0x0000000000360000-memory.dmp

          Filesize

          1024KB

        • memory/2080-15-0x0000000000260000-0x0000000000360000-memory.dmp

          Filesize

          1024KB

        • memory/2080-39-0x0000000000400000-0x00000000004B9000-memory.dmp

          Filesize

          740KB

        • memory/2080-26-0x0000000000260000-0x0000000000360000-memory.dmp

          Filesize

          1024KB

        • memory/2180-2-0x0000000000600000-0x0000000000700000-memory.dmp

          Filesize

          1024KB

        • memory/2180-21-0x0000000000400000-0x00000000004B9000-memory.dmp

          Filesize

          740KB

        • memory/2180-25-0x0000000000600000-0x0000000000700000-memory.dmp

          Filesize

          1024KB

        • memory/2180-0-0x0000000000600000-0x0000000000700000-memory.dmp

          Filesize

          1024KB

        • memory/2180-1-0x0000000000400000-0x00000000004B9000-memory.dmp

          Filesize

          740KB

        • memory/2180-54-0x0000000000400000-0x00000000004B9000-memory.dmp

          Filesize

          740KB
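
The memory dump names above encode the process, a capture sequence number and the virtual address range, so they can be read without opening the dumps. The following added example (not part of the report or the sandbox) parses that naming pattern, converts the ranges to the sizes shown, and lists which regions appear in more than one process. The dump names are copied from the list above; the naming pattern is the only thing assumed.

```python
import re
from collections import defaultdict

DUMP_NAME_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9a-fA-F]+)-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$")

# Copied from the report's list of memory dumps.
DUMP_NAMES = [
    "memory/2080-22-0x0000000000400000-0x00000000004B9000-memory.dmp",
    "memory/2080-16-0x0000000000400000-0x00000000004B9000-memory.dmp",
    "memory/2080-17-0x0000000000260000-0x0000000000360000-memory.dmp",
    "memory/2080-15-0x0000000000260000-0x0000000000360000-memory.dmp",
    "memory/2080-39-0x0000000000400000-0x00000000004B9000-memory.dmp",
    "memory/2080-26-0x0000000000260000-0x0000000000360000-memory.dmp",
    "memory/2180-2-0x0000000000600000-0x0000000000700000-memory.dmp",
    "memory/2180-21-0x0000000000400000-0x00000000004B9000-memory.dmp",
    "memory/2180-25-0x0000000000600000-0x0000000000700000-memory.dmp",
    "memory/2180-0-0x0000000000600000-0x0000000000700000-memory.dmp",
    "memory/2180-1-0x0000000000400000-0x00000000004B9000-memory.dmp",
    "memory/2180-54-0x0000000000400000-0x00000000004B9000-memory.dmp",
]


def parse_dump_name(name):
    """Split 'memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp' into its fields."""
    m = DUMP_NAME_RE.match(name)
    if not m:
        raise ValueError("unrecognised dump name: " + name)
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size_kib": (end - start) // 1024}


def regions_by_pid(names):
    """Distinct (start, end) ranges dumped per process, sorted by address."""
    regions = defaultdict(set)
    for d in map(parse_dump_name, names):
        regions[d["pid"]].add((d["start"], d["end"]))
    return {pid: sorted(r) for pid, r in regions.items()}


def shared_regions(names):
    """Ranges that were dumped from more than one process."""
    counts = defaultdict(int)
    for regs in regions_by_pid(names).values():
        for r in regs:
            counts[r] += 1
    return sorted(r for r, c in counts.items() if c > 1)


if __name__ == "__main__":
    for pid, regs in sorted(regions_by_pid(DUMP_NAMES).items()):
        print(pid, ["0x%X-0x%X (%d KiB)" % (s, e, (e - s) // 1024) for s, e in regs])
    print("shared:", ["0x%X-0x%X" % r for r in shared_regions(DUMP_NAMES)])
```

The 740KB entries are the 0x400000-0x4B9000 range (0xB9000 bytes, 740 KiB) and the 1024KB entries are the two 1 MiB heap-sized regions. Both PIDs map an image of the same size at the default 0x400000 base, which is consistent with the dropped file under C:\ProgramData being a copy of the submitted executable, though the report itself does not state that; the successive sequence numbers for the same range are repeated captures of that region, which is where an unpacked copy of a UPX-packed image is expected to be found after the stub has run.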