Overview

overview

10

Static

static

7

75098fcc2a...fd.exe

windows7-x64

7

75098fcc2a...fd.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 17:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75098fcc2a67552f7b460586397e28fd.exe

  • Size

    80KB

  • MD5

    75098fcc2a67552f7b460586397e28fd

  • SHA1

    f27e20f7e8031bdfa825642c9ce2f0f1a8ab2a21

  • SHA256

    7f295a18bd5eca0a4584f31fdf3d567bdfa80f6602dd5819d331f349bf4ba150

  • SHA512

    da2021ed4a5a7927278df1f5e1e3413fbf15babcc55d4840bb6200d4c73cf8897621e9aee06e6db54095015902e21c86ba36923eb335b89ed7a613acf72a2e97

  • SSDEEP

    1536:+zWsWHRwXZGZjq+UCh7YEPs6+tVZuvicmEY5:+zyHR6GZjqUhnk5iiWY5

Score
7/10
persistenceupx

Malware Config

Signatures

  • UPX packed file 12 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies WinLogon 2 TTPs 6 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 53 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1216
      • C:\Users\Admin\AppData\Local\Temp\75098fcc2a67552f7b460586397e28fd.exe
        "C:\Users\Admin\AppData\Local\Temp\75098fcc2a67552f7b460586397e28fd.exe"
        2⤵
        • Modifies WinLogon
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1940

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1216-61-0x0000000013150000-0x0000000013185000-memory.dmp
      Filesize

      212KB

      Download
    • memory/1216-2-0x0000000013150000-0x0000000013185000-memory.dmp
      Filesize

      212KB

      Download
    • memory/1216-56-0x0000000013150000-0x0000000013185000-memory.dmp
      Filesize

      212KB

      Download
    • memory/1216-57-0x0000000013150000-0x0000000013185000-memory.dmp
      Filesize

      212KB

      Download
    • memory/1216-59-0x0000000013150000-0x0000000013185000-memory.dmp
      Filesize

      212KB

      Download
    • memory/1216-58-0x0000000013150000-0x0000000013185000-memory.dmp
      Filesize

      212KB

      Download
    • memory/1216-60-0x0000000013150000-0x0000000013185000-memory.dmp
      Filesize

      212KB

      Download
    • memory/1216-64-0x0000000013150000-0x0000000013185000-memory.dmp
      Filesize

      212KB

      Download
    • memory/1216-62-0x0000000013150000-0x0000000013185000-memory.dmp
      Filesize

      212KB

      Download
    • memory/1216-63-0x0000000013150000-0x0000000013185000-memory.dmp
      Filesize

      212KB

      Download
    • memory/1216-65-0x0000000013150000-0x0000000013185000-memory.dmp
      Filesize

      212KB

      Download
    • memory/1940-0-0x0000000013150000-0x0000000013185000-memory.dmp
      Filesize

      212KB

      Download
    • memory/1940-130-0x0000000013150000-0x0000000013185000-memory.dmp
      Filesize

      212KB

      Download