Overview

overview

7

Static

static

3

7bc7b7eeda...1a.exe

windows7-x64

7

7bc7b7eeda...1a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    90s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-01-2024 01:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7bc7b7eedab2c54160dc8b924dd8b21a.exe

  • Size

    43KB

  • MD5

    7bc7b7eedab2c54160dc8b924dd8b21a

  • SHA1

    79fa5a9c92c9f16700f3e62c24f85c4df905ed16

  • SHA256

    a387ae31984a0a16fb261c24c95dd24aa6d68aeead270dea99696fd6e4dd7e2d

  • SHA512

    6d31cf95118771837fc73f8ceff4b0a5902a8dbb8fb9bc051c4db7256ac59206cebe2f3421691dec796b0d4de3c5ad720ea1e08aab49faee371b927ff5637bdd

  • SSDEEP

    768:VvGUubdwHyyWbnQpcvvibQUet1NTx/C07GPd:VuDKyBb4cvvibQbtbxq2GPd

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7bc7b7eedab2c54160dc8b924dd8b21a.exe
    "C:\Users\Admin\AppData\Local\Temp\7bc7b7eedab2c54160dc8b924dd8b21a.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2276
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\7BC7B7~1.EXE >> NUL
      2⤵
        PID:2684

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\JBn2ypqY23vWX.dll
      Filesize

      19KB

      MD5

      ede5e86136966202136fc448d19dbc97

      SHA1

      0d5147104a757b215226a7c3805584894ef8e28a

      SHA256

      54caaa401ec268b0d3bb5f5a336b7bcbc394519c81664994c9a8041b3d6ccff1

      SHA512

      02cfada874011dc8520511d1646610db6b6a4367c32b41a5c39b8a8c68c7d2b9e283bf3fc10daa88ef0522f608b320b8f5f501d666e4d3d73838a24e154bf95f

      Download Submit

    • memory/2276-6-0x0000000010000000-0x0000000010012000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2276-7-0x0000000010000000-0x0000000010012000-memory.dmp

      Filesize

      72KB

      Download