Overview

overview

7

Static

static

7

86447b8042...33.exe

windows7-x64

7

86447b8042...33.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    01/02/2024, 07:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    86447b80427974862f7388efe8675133.exe

  • Size

    419KB

  • MD5

    86447b80427974862f7388efe8675133

  • SHA1

    5a8cbb5771ac82fb0eba1a886ae0357581277f6f

  • SHA256

    39b8cc32d4614148aa546ff23f1eec042e916f34b5a8501ffe3364a319fd8fbb

  • SHA512

    a6aa76330516f23be1939b6662f6f6b059d45b955ba0756be9daa163ff4b386a2dc3f4587d5a2b62018c12adfe7c10373568ae2bcebcc33c8232561b399d6681

  • SSDEEP

    12288:7jtju6APFo38dPbUpLbQJNBWQ4m7ooX1w:rAPq3SbUeXT7oO1

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 21 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • AutoIT Executable 8 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 38 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\86447b80427974862f7388efe8675133.exe
    "C:\Users\Admin\AppData\Local\Temp\86447b80427974862f7388efe8675133.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Users\Admin\AppData\Local\Temp\86447b80427974862f7388efe8675133.exe
      "C:\Users\Admin\AppData\Local\Temp\86447b80427974862f7388efe8675133.exe"
      2⤵
      • Loads dropped DLL
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2856
      • C:\programdata\messengerplus\mplayer2.exe
        "C:\programdata\messengerplus\mplayer2.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:2860
        • C:\programdata\messengerplus\mplayer2.exe
          "C:\programdata\messengerplus\mplayer2.exe"
          4⤵
          • Executes dropped EXE
          • Adds Run key to start application
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of SetWindowsHookEx
          PID:2880

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\MessengerPlus\mplayer2.exe
          Filesize

          249KB

          MD5

          3f57dee907e37d568cfa8e132093eecf

          SHA1

          6effb8070810cff40fa35b28f606183ac7a1c771

          SHA256

          7f0a2e7c1e06b6888e424619f9d9ee8e630d58d75106b8e7917aff9406267ecb

          SHA512

          700f51b32713caef70d8e364f53b8cc887ed4f39fe727629979216d51ac030e175a4aa5adffef07cb7880a8cb46c5db853e9b3c6eae4dad19ca9b71a401b9dfe

          Download Submit

        • C:\ProgramData\MessengerPlus\mplayer2.exe
          Filesize

          419KB

          MD5

          86447b80427974862f7388efe8675133

          SHA1

          5a8cbb5771ac82fb0eba1a886ae0357581277f6f

          SHA256

          39b8cc32d4614148aa546ff23f1eec042e916f34b5a8501ffe3364a319fd8fbb

          SHA512

          a6aa76330516f23be1939b6662f6f6b059d45b955ba0756be9daa163ff4b386a2dc3f4587d5a2b62018c12adfe7c10373568ae2bcebcc33c8232561b399d6681

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\R8OIElm1vxRRz
          Filesize

          68KB

          MD5

          8d079185f12af41b56fffcc002dc12a4

          SHA1

          ff644a414295c18d730a2c747fa941fe227d8ba9

          SHA256

          cf98fcb82bb403af7467ef6029298aacc064b32f105e4e110200bf7346ff8ae9

          SHA512

          c8e25aa47ae8b4966fbfb8590b065eb27c5de2d690f4614a1d476087d9ba1b13feae5b0f25bdb924d74b659091add841cc967279d66e7a30d0eb06bf4e70ac89

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\R8OIElm1vxRRz
          Filesize

          49KB

          MD5

          8acda958959bc636ff7826aebfca0a42

          SHA1

          3a12d74f9bbb95b95d0b4f4f8e4cef501efa397c

          SHA256

          b0444fae95da427fcb9aea845abbe14d93ec0dceef12cf91dd1646247239834c

          SHA512

          d7f617d688750dfe755c1c17c7e59b280645d49764b593b1cb46c92ed7d885d6a31781e392f9a28069cfe84a94d5faa1f21f7f30a104aad67a00e7066491afce

          Download Submit

        • C:\programdata\messengerplus\mplayer2.exe
          Filesize

          337KB

          MD5

          8fac9cf6e963209e7b61d56c3896c515

          SHA1

          67ad2c4294bf0e80859ae5bd3466c9ef4a3d52fc

          SHA256

          8bec5ba7dcc48145cf6de3dbbc3d60d3f659fb1afe0f60176e51445a03824e72

          SHA512

          c2dd508ba2bb8385cf16e88c2e0abe5babc077a798f92a37beb1955f4c0d153fa55e805809dbef10b100e038802f057b4999bc0fdf4d307641abf7c5ec058869

          Download Submit

        • \ProgramData\MessengerPlus\mplayer2.exe
          Filesize

          214KB

          MD5

          53fef03691b1056173dac4f5c14c0a07

          SHA1

          3fde735da287dd66207d1970a5121eab826c22cb

          SHA256

          f6b899640abb5ec0931c7b27c4c93a1ed7d20276a671627d0b479f9200b819c0

          SHA512

          a1d47b23aa46fd32eefec2d1b996ab0b1016678cf5c95dd9647a8082f5844594f17366bf22e330bbc6843116f7ece0a4af58da8a80ce06f3765ac824f96433c6

          Download Submit

        • memory/1992-0-0x0000000000400000-0x00000000004FE000-memory.dmp

          Filesize

          1016KB

          Download

        • memory/1992-1-0x0000000000400000-0x00000000004FE000-memory.dmp

          Filesize

          1016KB

          Download

        • memory/1992-9-0x0000000000400000-0x00000000004FE000-memory.dmp

          Filesize

          1016KB

          Download

        • memory/1992-13-0x0000000003780000-0x000000000387E000-memory.dmp

          Filesize

          1016KB

          Download

        • memory/1992-18-0x0000000000400000-0x00000000004FE000-memory.dmp

          Filesize

          1016KB

          Download

        • memory/1992-19-0x0000000000400000-0x00000000004FE000-memory.dmp

          Filesize

          1016KB

          Download

        • memory/2856-29-0x0000000003310000-0x000000000340E000-memory.dmp

          Filesize

          1016KB

          Download

        • memory/2856-14-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2856-32-0x0000000000400000-0x0000000000437000-memory.dmp

          Filesize

          220KB

          Download

        • memory/2856-21-0x0000000000400000-0x0000000000437000-memory.dmp

          Filesize

          220KB

          Download

        • memory/2856-16-0x0000000000400000-0x0000000000437000-memory.dmp

          Filesize

          220KB

          Download

        • memory/2856-20-0x0000000000400000-0x0000000000437000-memory.dmp

          Filesize

          220KB

          Download

        • memory/2856-10-0x0000000000400000-0x0000000000437000-memory.dmp

          Filesize

          220KB

          Download

        • memory/2860-31-0x0000000000400000-0x00000000004FE000-memory.dmp

          Filesize

          1016KB

          Download

        • memory/2860-48-0x0000000000400000-0x00000000004FE000-memory.dmp

          Filesize

          1016KB

          Download

        • memory/2860-33-0x0000000000400000-0x00000000004FE000-memory.dmp

          Filesize

          1016KB

          Download

        • memory/2880-55-0x0000000000400000-0x0000000000437000-memory.dmp

          Filesize

          220KB

          Download

        • memory/2880-72-0x0000000000400000-0x0000000000437000-memory.dmp

          Filesize

          220KB

          Download

        • memory/2880-73-0x0000000000400000-0x0000000000437000-memory.dmp

          Filesize

          220KB

          Download

        • memory/2880-74-0x0000000000400000-0x0000000000437000-memory.dmp

          Filesize

          220KB

          Download

        • memory/2880-76-0x0000000000400000-0x0000000000437000-memory.dmp

          Filesize

          220KB

          Download