ef7b4431d83716af333e170f56b3b2582b91719cb465bec32a0739bc3d5654e1

Analysis

max time kernel
141s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
27/01/2024, 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a67b666ee86685c26ac477d500d3032.exe
Size

116KB
MD5

7a67b666ee86685c26ac477d500d3032
SHA1

48bd74f60b67acf83fcd6477da2e013ff032aec8
SHA256

ef7b4431d83716af333e170f56b3b2582b91719cb465bec32a0739bc3d5654e1
SHA512

02ece3e1a36f2206ad77dc1d5e5ef16a97ae1808336f08caecd3c05eaf97e62994e3721cf54114ce1516da66dabd6f01b2ca9d5dfbe0786afda47208a95e2ef0
SSDEEP

1536:c4bW/4Wf4wFOnKwohtameRhWSHw+Vzy5tOLmGVyf4WFiKgexw:cj/4Wf4/n/h7NVe5oPlWw3

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5096	QuickSFV.EXE

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4520-0-0x0000000000400000-0x0000000000438000-memory.dmp	upx
behavioral2/files/0x00060000000231fa-10.dat	upx
behavioral2/memory/5096-14-0x0000000140000000-0x0000000140835000-memory.dmp	upx
behavioral2/memory/4520-15-0x0000000000400000-0x0000000000438000-memory.dmp	upx
behavioral2/memory/5096-16-0x0000000140000000-0x0000000140835000-memory.dmp	upx

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4520 wrote to memory of 2440	4520	7a67b666ee86685c26ac477d500d3032.exe	85
PID 4520 wrote to memory of 2440	4520	7a67b666ee86685c26ac477d500d3032.exe	85
PID 2440 wrote to memory of 5096	2440	cmd.exe	86
PID 2440 wrote to memory of 5096	2440	cmd.exe	86

C:\Users\Admin\AppData\Local\Temp\7a67b666ee86685c26ac477d500d3032.exe
"C:\Users\Admin\AppData\Local\Temp\7a67b666ee86685c26ac477d500d3032.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4520
- C:\Windows\system32\cmd.exe
  C:\Windows\Sysnative\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\8YV03B12.bat" "C:\Users\Admin\AppData\Local\Temp\7a67b666ee86685c26ac477d500d3032.exe""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2440
- - C:\Users\Admin\AppData\Local\Temp\qbE5740A3.13\QuickSFV.EXE
    C:\Users\Admin\AppData\Local\Temp\\qbE5740A3.13\quicksfv.exe "C:\Users\Admin\AppData\Local\Temp\masquerade.md5"
    3⤵
    - Executes dropped EXE
    PID:5096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8YV03B12.bat

Filesize
220B

MD5
e87299d68afd62b912bc11ac90a84f62

SHA1
1de5180556d84dc77b8481b396dd484ebbf4676e

SHA256
f238708293517c53fdacea6ef6163ec871dbbaece3780167b8fa8bf862e59d4f

SHA512
9bcc4b1f83905d41c6e2f24c2c485dc773d332cab07c1332d698a9975d298a4c62daafa1d5be8453eca50aca38d3485d9f6309c328a787c56b62bd1efb182d15

Download Submit
C:\Users\Admin\AppData\Local\Temp\qbE5740A3.13\QuickSFV.EXE

Filesize
59KB

MD5
76548b6c5240b1d80ae12aa84cb00cef

SHA1
53d4a3d11ceb4a2120959feca758399f78650382

SHA256
2e1605c4e6d41060bcd407f3758f19d07ac460b0d73a2321815d6aafc54243c4

SHA512
6dcf821b7d3492210ed2b3b6e1437b5c32f5b019c4aed5700b110c169229c60a2008184abc1ca64abde48a6261ea730f895755ffde54afd0cdf2bff3e3867576

Download Submit
C:\Users\Admin\AppData\Local\Temp\qbE5740A3.13\QuickSFV.ini

Filesize
146B

MD5
81615e558efae57c90b5203844c44687

SHA1
c1d60e19ce3af1112c61eb9a25ba002bb9d96ee6

SHA256
f39d7cca07b7b66d35e35ebe7c8424bf20e1535a4f1fb9456040e24f1212bc03

SHA512
d3cbabed88709ba266676cee936a9062687ad5c8cf453dc2199fdc0d48e08775822d2944bf9d66be5c31306102e7ff71d16e5059c4da59bb73571efecb98edfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\qbE5740A3.13\masquerade.md5

Filesize
323B

MD5
4a961e7c1e174a4a64e784a76ea7fdbe

SHA1
0935945179a0beef53ff86b8fa0084066dbc248c

SHA256
aaebd532ac1a688d17c1a8ff99b07ae15a13bf50a861feb8ceace6bc4c0d3e40

SHA512
ad9918d7b348ad49ab365d77b18c54883e7541d17d0f6e0907e46e1e14db3e3b2514eaaaa91755658863e6fae83a51d7b5081d5133ae2dc1ea961b49a2a0d65a

Download Submit
memory/4520-0-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/4520-15-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/5096-14-0x0000000140000000-0x0000000140835000-memory.dmp

Filesize
8.2MB

Download
memory/5096-16-0x0000000140000000-0x0000000140835000-memory.dmp

Filesize
8.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads