Overview

overview

7

Static

static

7

9bff3161ac...0d.exe

windows7-x64

7

9bff3161ac...0d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    89s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/02/2024, 15:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9bff3161ac8a4a229d8a9ad8a68a560d.exe

  • Size

    352KB

  • MD5

    9bff3161ac8a4a229d8a9ad8a68a560d

  • SHA1

    166baa491e396e6f29126f4bc1762477e405c8a1

  • SHA256

    96905d07894693de753a5654ad2d9581cecf2811ba4b23ba6d7807b81ff387c9

  • SHA512

    3e23b03281ac92a94db4f1076e4bb0b19f79e1c5a7bcf6e8f5db408c0d518e45927b94e5982c8ae7612a25281e5d12b29ad42bf89eaecfd1b5fc8bf178c104f7

  • SSDEEP

    6144:sNLv9CFG2xVbMH3lTTZ9lDhbMsSs/wOjx0lgaZ86EVaiJMfp8M6lOltMWhoS:sNLT2rMHVrbMsTWlgKDEVvWKTOltNoS

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9bff3161ac8a4a229d8a9ad8a68a560d.exe
    "C:\Users\Admin\AppData\Local\Temp\9bff3161ac8a4a229d8a9ad8a68a560d.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2280
    • C:\ProgramData\oP01804NaImD01804\oP01804NaImD01804.exe
      "C:\ProgramData\oP01804NaImD01804\oP01804NaImD01804.exe" "C:\Users\Admin\AppData\Local\Temp\9bff3161ac8a4a229d8a9ad8a68a560d.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1960

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\oP01804NaImD01804\oP01804NaImD01804.exe
    Filesize

    352KB

    MD5

    028f829bc7cee3999e01e48ce6400776

    SHA1

    bb50dde1d55750ab8b19cb753d6359f8b4f91622

    SHA256

    02e928b3ec43e5d3d392025ba0512877535230eded5acf04294818277bd8392f

    SHA512

    7a8991c9999b30e6e14e2396399cb3b88b5607039499047cc49d4994476ce0efd58aed3123730a034b3c8103d1491365b587199a9d8cc40d8d6a1e6330dc9dc8

    Download Submit

  • memory/1960-15-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1960-22-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1960-25-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2280-0-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2280-1-0x0000000002310000-0x00000000023B5000-memory.dmp

    Filesize

    660KB

    Download

  • memory/2280-2-0x0000000000AC0000-0x0000000000B13000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2280-8-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2280-16-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download