Overview

overview

8

Static

static

7

5a782ce16e...73.exe

windows7-x64

8

5a782ce16e...73.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    136s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-01-2024 06:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5a782ce16ef49ee2f25d0418c4db8073.exe

  • Size

    14KB

  • MD5

    5a782ce16ef49ee2f25d0418c4db8073

  • SHA1

    6c6a0c3662a3b7154e7f72873d14e9350b18c53f

  • SHA256

    a2548e76f3a77c3adbb90b4fc5289d497a1fb02a716fab23b41f009dca9b6bad

  • SHA512

    955194579c9c0d6c6d1a94f524f785e93fdf1e9791ec402fc6db6a030d158dc312eaeb59a2ea9cc47fd5cc016b358f4e735f6e853e99a90f4faa8cfc7c01b06c

  • SSDEEP

    192:VZIq1daM0qvu9gLodc6zzd/+ZUCxZt3oBxo7c+gDtJsvObqjVkfycH:vIqX70qvu9zm6zzEZYDKitJfbNd

Score
8/10
persistenceupx

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5a782ce16ef49ee2f25d0418c4db8073.exe
    "C:\Users\Admin\AppData\Local\Temp\5a782ce16ef49ee2f25d0418c4db8073.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\Windows\SysWOW64\delnicep.exe
      C:\Windows\system32\delnicep.exe ˜‰
      2⤵
      • Executes dropped EXE
      PID:3272
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\5a782ce16ef49ee2f25d0418c4db8073.exe.bat
      2⤵
        PID:2408

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\5a782ce16ef49ee2f25d0418c4db8073.exe.bat
      Filesize

      182B

      MD5

      759c7cb7e7c4901352803cea41e951ff

      SHA1

      67906219861f75fb94105e67f3bb92d17c91c252

      SHA256

      db8232bedf8c9b9df4c97c88aa31368d9d0770b935c5c5603617818917ffdb9c

      SHA512

      00ce9733b50af1e82af0976f0a609b70a7a76626911282fe9ded8f1ed1e687250d02c2a10be2358f13e860ff67a8c054337fc12166f84a5242c5990b921a8329

      Download Submit

    • C:\Windows\SysWOW64\delnicep.exe
      Filesize

      14KB

      MD5

      5a782ce16ef49ee2f25d0418c4db8073

      SHA1

      6c6a0c3662a3b7154e7f72873d14e9350b18c53f

      SHA256

      a2548e76f3a77c3adbb90b4fc5289d497a1fb02a716fab23b41f009dca9b6bad

      SHA512

      955194579c9c0d6c6d1a94f524f785e93fdf1e9791ec402fc6db6a030d158dc312eaeb59a2ea9cc47fd5cc016b358f4e735f6e853e99a90f4faa8cfc7c01b06c

      Download Submit

    • memory/1988-0-0x0000000000400000-0x0000000000410000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1988-6-0x0000000000400000-0x0000000000410000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3272-7-0x0000000000400000-0x0000000000410000-memory.dmp

      Filesize

      64KB

      Download