Overview

overview

7

Static

static

7

7488bf60cf...41.exe

windows7-x64

7

7488bf60cf...41.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 11:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7488bf60cf7668088980c90e56c7e141.exe

  • Size

    2.5MB

  • MD5

    7488bf60cf7668088980c90e56c7e141

  • SHA1

    a16d778a22f443febe1ce5fa4c6357892d31e435

  • SHA256

    3d506268666198f5ff10a3d1b47716b7c4236327eab711e12a2da2c6a3bfd9f6

  • SHA512

    e6a8ced28e88890a2d0f3d2adace47f1f683aec588de4446ca34d381ac6556a1adac743ff45e8eaa42972b2135d4b633f84a84099e5072418188e1adaa02d9c9

  • SSDEEP

    49152:c8jblXS2hj9wP6p+MYTTu/dRV2i3s0nTXO88:HjZv+MYTKlR1807OV

Score
7/10
evasiontrojanupx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • UPX packed file 23 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies data under HKEY_USERS 11 IoCs
  • Suspicious behavior: EnumeratesProcesses 31 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7488bf60cf7668088980c90e56c7e141.exe
    "C:\Users\Admin\AppData\Local\Temp\7488bf60cf7668088980c90e56c7e141.exe"
    1⤵
    • Identifies Wine through registry keys
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • Modifies Control Panel
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1068
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\$$a$$.bat
      2⤵
      • Deletes itself
      PID:1592
  • C:\Windows\servero.exe
    C:\Windows\servero.exe
    1⤵
    • Executes dropped EXE
    • Checks whether UAC is enabled
    • Drops file in System32 directory
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    PID:2380

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\$$a$$.bat
    Filesize

    152B

    MD5

    87a94e114c2ab7fe9905351575383d8a

    SHA1

    54455baecfdec3f376982df7c00bfcb2c3b5c32f

    SHA256

    899835250215da28f362b4cc81fc4ff0c94f8dccd9bb7bb4ee2a37d909009802

    SHA512

    82c0c2a4b4ec41ef80d62c93c54c1f41f86498b639244cdad1dbfc64a157a8e02040096e7083e15035410b3962854719bee7dc18a1932ee8bfd86ea9b898b623

    Download Submit

  • C:\Windows\servero.exe
    Filesize

    2.2MB

    MD5

    9028767b8e7afd5cd83667721b7a1842

    SHA1

    bcb5fa37961aacb9e573172415e5a280488cae6e

    SHA256

    335034da7731d6c410c5c4763a8d00f79279722b68741bbbe6f6f1d0353d522c

    SHA512

    4a5a32129edf372c338911b289aa2b624621f6273a5d104eb9fc6b6801c168553bf01304bad8e64f8089dd543e68b8431d35346804e6e0446d96ca4064612f0f

    Download Submit

  • C:\Windows\servero.exe
    Filesize

    1.7MB

    MD5

    1f02577f45aa02d4bd22e8722d61c75e

    SHA1

    fd8920fc67d35b011345695c7a1d1291b5cdbca6

    SHA256

    1436cdbe95112e0edab2f5acb145dc4c4f0ea616e99e140d9dc79139d95458d9

    SHA512

    440f069c945683744b3828740a9fbdee66947a9181167e99c119cbb37de3c7064058f3ae0d27fa50e0afe6d4133f29e08cd80c80c94196ca8f8c4c83b9a60e46

    Download Submit

  • memory/1068-0-0x0000000000400000-0x000000000068E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1068-13-0x0000000004230000-0x0000000004231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1068-20-0x00000000041B0000-0x00000000041B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1068-19-0x0000000004110000-0x0000000004111000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1068-18-0x0000000004040000-0x0000000004041000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1068-17-0x0000000004190000-0x0000000004191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1068-16-0x00000000040E0000-0x00000000040E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1068-15-0x00000000040A0000-0x00000000040A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1068-14-0x0000000004050000-0x0000000004051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1068-12-0x00000000041F0000-0x00000000041F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1068-11-0x0000000004100000-0x0000000004102000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1068-10-0x0000000004060000-0x0000000004061000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1068-9-0x00000000040B0000-0x00000000040B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1068-8-0x0000000004090000-0x0000000004091000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1068-7-0x0000000004180000-0x0000000004181000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1068-6-0x0000000004130000-0x0000000004131000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1068-5-0x0000000004140000-0x0000000004142000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1068-4-0x0000000004120000-0x0000000004121000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1068-3-0x0000000000400000-0x000000000068E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1068-33-0x0000000000400000-0x000000000068E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2380-22-0x0000000000400000-0x000000000068E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2380-34-0x0000000000400000-0x000000000068E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2380-35-0x0000000004130000-0x0000000004131000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2380-38-0x00000000041A0000-0x00000000041A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2380-45-0x00000000040A0000-0x00000000040A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2380-48-0x0000000004120000-0x0000000004121000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2380-47-0x00000000041B0000-0x00000000041B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2380-49-0x00000000040F0000-0x00000000040F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2380-53-0x0000000004200000-0x0000000004201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2380-54-0x0000000004220000-0x0000000004221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2380-52-0x00000000041E0000-0x00000000041E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2380-51-0x00000000041D0000-0x00000000041D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2380-50-0x0000000004020000-0x0000000004022000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2380-46-0x00000000040E0000-0x00000000040E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2380-44-0x0000000004040000-0x0000000004041000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2380-43-0x0000000004210000-0x0000000004211000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2380-42-0x0000000004110000-0x0000000004111000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2380-41-0x0000000004050000-0x0000000004051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2380-40-0x00000000040B0000-0x00000000040B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2380-39-0x0000000004090000-0x0000000004091000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2380-37-0x0000000004150000-0x0000000004151000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2380-36-0x0000000004160000-0x0000000004162000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2380-56-0x0000000000400000-0x000000000068E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2380-57-0x0000000004070000-0x0000000004071000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2380-58-0x0000000004080000-0x0000000004081000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2380-59-0x0000000004190000-0x0000000004191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2380-60-0x0000000000400000-0x000000000068E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2380-61-0x0000000000400000-0x000000000068E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2380-62-0x0000000000400000-0x000000000068E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2380-63-0x0000000000400000-0x000000000068E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2380-64-0x0000000000400000-0x000000000068E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2380-65-0x0000000000400000-0x000000000068E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2380-66-0x0000000000400000-0x000000000068E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2380-67-0x0000000000400000-0x000000000068E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2380-68-0x0000000000400000-0x000000000068E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2380-69-0x0000000000400000-0x000000000068E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2380-70-0x0000000000400000-0x000000000068E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2380-71-0x0000000000400000-0x000000000068E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2380-72-0x0000000000400000-0x000000000068E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2380-73-0x0000000000400000-0x000000000068E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2380-74-0x0000000000400000-0x000000000068E000-memory.dmp

    Filesize

    2.6MB

    Download