Overview

overview

10

Static

static

7

74331fc1a0...72.exe

windows7-x64

10

74331fc1a0...72.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 08:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    74331fc1a01348185f62475ee5471472.exe

  • Size

    1.4MB

  • MD5

    74331fc1a01348185f62475ee5471472

  • SHA1

    9c03c6dfc9786dfb960e5d4b1bd6db4fe5a036b2

  • SHA256

    d2c38cecf49e55b35607cb0407a427fc6c0003909038466c8242120703fc7202

  • SHA512

    114069ecf6ba1ff2b101cc6c86de3a5a95ae9b0e7517fdabda057507fcf4ccf76e87516ba019666504f57abbfb011dad3bfa87382d88f74bb913eb81af63fa32

  • SSDEEP

    24576:BzMhy7MCOI7QAJcJpItV8xjPhrmR4Y4ptRNEg2JUYnbuR656+3xCu8kjfaY:BBMCOIBWOtmxjPkyYElOUK6R6pou1fB

Score
10/10
evasionpersistencetrojanupx

Malware Config

Signatures

  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Disables Task Manager via registry modification
    evasion
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\74331fc1a01348185f62475ee5471472.exe
    "C:\Users\Admin\AppData\Local\Temp\74331fc1a01348185f62475ee5471472.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\GBTR_SENTRA.exe
      "C:\GBTR_SENTRA.exe"
      2⤵
      • UAC bypass
      • Executes dropped EXE
      • Adds Run key to start application
      • Checks whether UAC is enabled
      • System policy modification
      PID:2536

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GBTR_SENTRA.exe
    Filesize

    455KB

    MD5

    0a33e4e29028239d73eacff70bcab7e9

    SHA1

    70c2e1836acaab5d4b2c3a06822cd865ca4e077f

    SHA256

    e48d42793e05f745a3513cf63a0be24cddcfbd1317baad75d75afd135f39a9d9

    SHA512

    538c647eb7d69f02d81c65154b7f2bca2f416ca5daaefc60e401d06168950cfbcbf7ef439f6ff973b1678863378a0c32ac0ab85f8be755f48c7cd98b267d0bc5

    Download Submit

  • C:\GBTR_SENTRA.exe
    Filesize

    492KB

    MD5

    e49531fc58972e4219ca478f8538d222

    SHA1

    b81f0cdf0990a44cc0cf8a8ddd60b0c5b727f117

    SHA256

    a71cde1f272296ea0e409fc5ced1d7b6289ac551ba2bedcac6116315c599baf2

    SHA512

    58a63044bd960459d6edb9278f6d6c696d184e404f4b8bcec551792a11a9973e850255f55832ef80de38d2e12017176624754c72aacbde23f564a76adb7cdbb9

    Download Submit

  • C:\GBTR_SENTRA.exe
    Filesize

    403KB

    MD5

    7bb7f6f91467b518eeb3fcd2846e034b

    SHA1

    d429c319be34693a8fead40638495dfbeadc3f16

    SHA256

    1c01d850e3b16d97cb62df0aedfd2217221fd802ad14fc6a2640ca41a4c00781

    SHA512

    38a7e8ece999162d42d50406aa7c066de5357fa1b8eff3e32dc791d8dba3c2c836758d29a400bf7c877db5d46fe97fd4253d67e894aef82b58e0332fc2015def

    Download Submit

  • C:\libmySQL50.dll
    Filesize

    398KB

    MD5

    cf29b6a1fabaadbc484b18018bdceae8

    SHA1

    57b7b0cf95e0b45b244135cb47602939abe12b52

    SHA256

    40693e09cb6df1aee721c9c74a8ead967cccf48dabeab7fa3a9ad3f930a152e2

    SHA512

    761528beb7e447f38251d3001f696098d730cef0b557c8c7e187bfcff8c15800735ce7fbe41badb2bd0d33eaf896fcd32f59f1e2d89483d3b8636b89325ae8d7

    Download Submit

  • memory/2204-25-0x0000000003660000-0x00000000038B0000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2204-14-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2204-0-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2204-3-0x0000000000240000-0x0000000000264000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2204-1-0x0000000000240000-0x0000000000264000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2204-15-0x0000000003660000-0x00000000038B0000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2204-2-0x0000000000240000-0x0000000000264000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2536-20-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2536-19-0x0000000000400000-0x0000000000650000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2536-18-0x0000000000EB0000-0x0000000001100000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2536-23-0x0000000000400000-0x0000000000650000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2536-17-0x0000000000EB0000-0x0000000001100000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2536-26-0x0000000000EB0000-0x0000000001100000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2536-27-0x0000000000400000-0x0000000000650000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2536-28-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2536-33-0x0000000000400000-0x0000000000650000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2536-34-0x0000000000400000-0x0000000000650000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2536-35-0x0000000000400000-0x0000000000650000-memory.dmp

    Filesize

    2.3MB

    Download