Overview

overview

10

Static

static

10

VirusShare...d5.exe

windows7-x64

9

VirusShare...d5.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    141s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    02/02/2024, 22:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VirusShare-007257eceaceb87c84ac1d75decb6fd5.exe

  • Size

    327KB

  • MD5

    007257eceaceb87c84ac1d75decb6fd5

  • SHA1

    3446b0d7bfe20fced963bbc15506f394ffa6984f

  • SHA256

    8927ec9212d9d891afa49822761ab726a9a5de1c2938692c25709ec3e80b96a2

  • SHA512

    42bfb70bbb8b611fd6603c147e5cd43945c94fb90a6b7a8155dda5218a3f2815c38a74305b3dc1b4f6e054015975cee36683b2014e7cef46856f30e35b3b8d12

  • SSDEEP

    6144:Q1db49+rEg024fpLZazEjvE/rbay19tSt4bO2BaDmeBJe59kIN/zJ:QjkArEN249AyE/rbaMct4bO2/V9l

Score
9/10
upx

Malware Config

Signatures

  • UPX dump on OEP (original entry point) 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\VirusShare-007257eceaceb87c84ac1d75decb6fd5.exe
    "C:\Users\Admin\AppData\Local\Temp\VirusShare-007257eceaceb87c84ac1d75decb6fd5.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2124
    • C:\Users\Admin\AppData\Local\Temp\server.exe
      C:\Users\Admin\AppData\Local\Temp/server.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2656
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 88
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:2864

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\server.exe
    Filesize

    33KB

    MD5

    f560832f5c715b27f635e4be7d93fefe

    SHA1

    2a4219fad5c7f42d7fe05969551abdae0c4574cd

    SHA256

    c0e6392d10fc80bb1c7b7690f2b9a34bef252b241e947a55a3c3246d19fa1988

    SHA512

    cf12a232718de4cb5a5916c6b36132780dc1c5ff3e645b038300c7b267fd1b145e79172a0785e7bf683610e231ba58c257bae1bd552f93cb5cca8618fbd6580d

    Download Submit

  • memory/2124-0-0x0000000000400000-0x00000000004C1000-memory.dmp

    Filesize

    772KB

    Download

  • memory/2124-15-0x00000000001E0000-0x00000000001ED000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2124-14-0x0000000000400000-0x00000000004C1000-memory.dmp

    Filesize

    772KB

    Download

  • memory/2124-9-0x00000000001E0000-0x00000000001ED000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2124-24-0x00000000001E0000-0x00000000001ED000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2656-17-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download