Overview

overview

7

Static

static

7

83dafce056...a5.exe

windows7-x64

7

83dafce056...a5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    11-01-2024 17:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    83dafce0560e7493e6dae82c270131a5.exe

  • Size

    394KB

  • MD5

    83dafce0560e7493e6dae82c270131a5

  • SHA1

    5fdfe162b399a315508a55535c5b1f31012e4f39

  • SHA256

    80c26f68b8a46af63f3ee4b35c8150f1710d7aaa1cf8e39cb5c94ec29e9b7c11

  • SHA512

    cf2a9c2db3ee19a17979d2b3e92103566a691d59af8f376a56fcc1df1be12a06d47d40c6df0a7e54db4e2575486fd481e95560813721440105e06ba49196e18e

  • SSDEEP

    6144:9bpGtfoVtScw2RCgrzItQB2bpGtfoVtScw:TGtAtScw3qEKBYGtAtScw

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 2 IoCs
    persistence
  • UPX packed file 18 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 34 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Modifies registry class 17 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\ZSYIAUE.EXE
    C:\Users\ZSYIAUE.EXE
    1⤵
    • Executes dropped EXE
    • Modifies system executable filetype association
    • Enumerates connected drives
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2360
  • C:\Users\Admin\AppData\Local\Temp\83dafce0560e7493e6dae82c270131a5.exe
    "C:\Users\Admin\AppData\Local\Temp\83dafce0560e7493e6dae82c270131a5.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2572

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\NSNV.EXE
    Filesize

    1KB

    MD5

    ed1267deeb39291b72351b89af5e81e0

    SHA1

    45ff406c7bf0fe98cd2eccd65cd353d108986ee3

    SHA256

    557fda6dd58b2e85e96b00524c163fc1c6c745fe5d8764926481bfc759993b12

    SHA512

    3b1b4942a1988f36e3377865088885613b5cfa2c2633b7f08df961e0370468b17325d73544581f1daf5d32b94a1cd9d0c335cdee7e7d9826dae3391e94b7257c

    Download Submit

  • C:\Users\ZSYIAUE.EXE
    Filesize

    35KB

    MD5

    add5349691168f08cdfa1ddc5636271b

    SHA1

    b8ed7c61a51dc5aa08ef3abf71b9906d8a386dfe

    SHA256

    2aebf6db3fb072b595efc54a7eca44cf1c0fc7f3a1d4b10b82ee19b1be86a69c

    SHA512

    3581aa34f56f8ff04d6d2cd97cfcb16c20a0433e33cbbe8d81dec583b0f664e8fd725c03908cfc7f2a5939cb6dab73a5797ff77ee2b348c88687a0f4e0d4c083

    Download Submit

  • C:\Users\ZSYIAUE.EXE
    Filesize

    9KB

    MD5

    d4574e60e00313aa6bf14261d789bdc7

    SHA1

    75a3dba1ff627c12c58b07a4668e6bbd44d48627

    SHA256

    d76a25081fa9105ac350e9e62f22dcc99dd1aba2c51d5776115708ddbcd9ac23

    SHA512

    1da522135ff6074a677cf6a4dec7848bd86fc65213349b95f4e3a69d370099677cefe1792b1162297022aad111b4780ff687bd2e98ace4449b8ebb3e8f87f7f3

    Download Submit

  • \Users\ZSYIAUE.EXE
    Filesize

    13KB

    MD5

    eae72cded1c41fab13c5b50b2125dc89

    SHA1

    4b230c63f30a517dd5592a1c393d3cabb8fe695f

    SHA256

    9486b124e7051ae0f9c98e58d854f1d5630886d9e6ba71e4ecc910ea7cca2e45

    SHA512

    70c13e39f814072bac595e96ba6039da3924ffb6be2ec0c4edcfcf19014f3b4247a4743ef242908b5b5d1e85c5c79b8da387b7ce69c2ae5d3b0a9097cd1033b7

    Download Submit

  • \Users\ZSYIAUE.EXE
    Filesize

    24KB

    MD5

    6352e879cc13c6c3afdefd10b69febfe

    SHA1

    89751bd0cc12fae631bbeb039a27533ec8908096

    SHA256

    d062a31f66a6ad14b62321e35e901705b13d9bbe859609705d2495e7a49845a9

    SHA512

    b793a01053d76fcb95d27c2adce1b34ea760775348270d60f7a0e882ce82e4a125538fc9d7e84616d0a8558ea2ad0b31acdc83082ae3509efc7aed6eaf9e8bb9

    Download Submit

  • memory/2360-41-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2360-45-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2360-29-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2360-49-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2360-31-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2360-28-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2360-48-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2360-36-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2360-37-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2360-38-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2360-39-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2360-40-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2360-47-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2360-42-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2360-43-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2360-44-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2360-46-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2572-27-0x0000000001CF0000-0x0000000001D5E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2572-0-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2572-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2572-30-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download