Analysis

  • max time kernel: 147s
  • max time network: 132s
  • platform: windows7_x64
  • resource: win7-20231215-en
  • resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted: 12-01-2024 14:20

General

  • Target: 676A2A0D88A79012300A63092DA090F5B0D0BDFC105541732254E0AE1FEB2FCB.exe
  • Size: 1.7MB
  • MD5: 7687cbe6769001af75b61c8e053221f2
  • SHA1: 5723b7d6c6dbd2a3d1a7671ab95a28921525f5fd
  • SHA256: 676a2a0d88a79012300a63092da090f5b0d0bdfc105541732254e0ae1feb2fcb
  • SHA512: d52da2ef2a8d4f671b2b69aeb90d85a1627252c6090cc77569bf5a38407f1adb8158c5caf9572c13fecd57bef5bfe50558eca62b744cae699ea8778c251903dc
  • SSDEEP: 24576:eNcBtkdOdTNpGu522pL8cX2QrOtUUqi8BQLvYOHgDD/bcNuh+S1hKlMLkhWgvoNT:51bGCfL8cX2N2UhLAX/+uh+S14sBZ

Score: 7/10
upx

Malware Config

Signatures

  • Checks BIOS information in registry (2 TTPs, 2 IoCs)

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (4 IoCs)
  • UPX packed file (13 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (1 IoC)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (4 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\676A2A0D88A79012300A63092DA090F5B0D0BDFC105541732254E0AE1FEB2FCB.exe (PID 2184, depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\676A2A0D88A79012300A63092DA090F5B0D0BDFC105541732254E0AE1FEB2FCB.exe"
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\Windows Loader1.exe (PID 2972, depth 2, child of PID 2184)
      Command line: "C:\Users\Admin\AppData\Local\Temp\Windows Loader1.exe"
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Windows Loader1.exe
    Filesize: 335KB
    MD5: 0b7bc397d50b7bb8eaa1b72955b67ba5
    SHA1: 062baec6122a88779efdf5313505d1dd158b89c1
    SHA256: c2bee3dd478d919e50ecdd5307e912da06bf68634a821e21d4281c9c3b702856
    SHA512: ad6287b32fc94f4903167a11fc85675eb70af0e6083c627711a0b5192e0f98674cb352c96ac3a78bec30d7475667900731df6be58addd9e695a3c605ebb282cd

  • C:\Users\Admin\AppData\Local\Temp\Windows Loader1.exe
    Filesize: 295KB
    MD5: 572c822391173c7de4ed431a311be299
    SHA1: 2176304ad1a366d395258329d78c3e39bc467542
    SHA256: e2677519969f2082a54880fafa8b62e2af9a4249efd38290b45cd65f253efdd1
    SHA512: 8c1771733a226da14acf31dbebeeb2be1bd30565da93bfb1b929a1818cd4ddc9b910761f22bad81be19f3d89aedc0948d5869f7497cfaa1e599464ddb35a6d99

  • C:\Users\Admin\AppData\Local\Temp\Windows Loader1.exe
    Filesize: 2.1MB
    MD5: fe3c3522989f87fd71df1ae64d95c2c5
    SHA1: 143c3ec1dfd6d60b5d6e5b77839df6166b725bc5
    SHA256: e2453769fb16dd6eea16f14152598cb0a1bf9943e3708ec22822dfb7e70dc8b3
    SHA512: ab8b1aeb3ba0c1754849c7445741aea54f0aa6ef3da750460418f20cbc642c625aca6e46361c6988ec54ddc1e268ae4178d5794cad45d1a36a413ca8f5630d29

  • \Users\Admin\AppData\Local\Temp\Windows Loader1.exe
    Filesize: 524KB
    MD5: cd0057264e3af0ad4573483af6ccbc75
    SHA1: 9a980d13e76245fc6eb110eef5f8fae73878f112
    SHA256: 303241a9be455d278a722b511742838c02c127105b277f3764e8aa113d5143f2
    SHA512: 3864ee733f72fcad2b3a56e6ba8ed7fb615185a2a72cfe2c6422c01e056f274d2f18e0f0e713bc727da170767ebcbd7879a0a01cb296e7afd0ab6f5fe59eb198

  • \Users\Admin\AppData\Local\Temp\Windows Loader1.exe
    Filesize: 568KB
    MD5: db9546997dbd84c190f57c9ffe2fb621
    SHA1: d91e21772598a5c03ac68e83da9cab1b71005816
    SHA256: 4c3080c6c115d5214577eec912b551618fae6459930c82e5f8805a215af418d0
    SHA512: 692a044638907880de756bf83dc6a75c4d86a8c6cc2b6eff4be214daf00cba3042345e762bd0d29eaed9bd48d46c849295e326115f7fb9c6b93e9d362a04cd10

  • \Users\Admin\AppData\Local\Temp\Windows Loader1.exe
    Filesize: 1.9MB
    MD5: b423e530ec1794a1a9c7b306e013fafc
    SHA1: 836cc4bfa4bbbf10594b0ffee8b52ed30cdf572f
    SHA256: 6d1e433d2e3032c14201c76d50f4aa9accf02b8c12465e483c4bcc5eb9d280d0
    SHA512: 985d2f332da20bbeaabac7e8958830c7184289897b5a2fc08e7548fc081926a27f73fccc7ba32c5fef0aa3b2b45396e6c38697afa97e3fe5c5cf7786663a700b

  • \Users\Admin\AppData\Local\Temp\Windows Loader1.exe
    Filesize: 799KB
    MD5: 46abb36be3352d28195d3dec52132b30
    SHA1: aac49b28c66b22e5e3aa7669aef3102d7d17f992
    SHA256: edfbf44ef46ed7c91d789b631ee9b336239121a23134d38a72eb06fe58fdad90
    SHA512: 8feec58fa68ffe74b5a98bf2592c94e57b67e2aec0c0e6a3de82efc62bcf36e066f2914ea9957eedeaefdb5963696ded8a0b4c6d8d9540cb39e7c793f4b5a602

  • memory/2184-6-0x00000000034B0000-0x00000000036D3000-memory.dmp
    Filesize: 2.1MB

  • memory/2184-15-0x00000000034B0000-0x00000000036D3000-memory.dmp
    Filesize: 2.1MB

  • memory/2972-19-0x00000000007E0000-0x00000000007F3000-memory.dmp
    Filesize: 76KB

  • memory/2972-41-0x0000000010000000-0x0000000010021000-memory.dmp
    Filesize: 132KB

  • memory/2972-22-0x0000000002380000-0x0000000002523000-memory.dmp
    Filesize: 1.6MB

  • memory/2972-49-0x0000000002000000-0x0000000002011000-memory.dmp
    Filesize: 68KB

  • memory/2972-73-0x0000000002020000-0x0000000002040000-memory.dmp
    Filesize: 128KB

  • memory/2972-65-0x0000000001F90000-0x0000000001FA0000-memory.dmp
    Filesize: 64KB

  • memory/2972-57-0x0000000000A80000-0x0000000000A90000-memory.dmp
    Filesize: 64KB

  • memory/2972-17-0x0000000000400000-0x0000000000623000-memory.dmp
    Filesize: 2.1MB

  • memory/2972-33-0x0000000001FE0000-0x0000000001FF2000-memory.dmp
    Filesize: 72KB

  • memory/2972-28-0x0000000000810000-0x0000000000820000-memory.dmp
    Filesize: 64KB

  • memory/2972-82-0x0000000000400000-0x0000000000623000-memory.dmp
    Filesize: 2.1MB

  • memory/2972-83-0x0000000000400000-0x0000000000623000-memory.dmp
    Filesize: 2.1MB

  • memory/2972-84-0x0000000000400000-0x0000000000623000-memory.dmp
    Filesize: 2.1MB

  • memory/2972-85-0x0000000000400000-0x0000000000623000-memory.dmp
    Filesize: 2.1MB