36d0dd8b99f9e768c179dae73ba1f0f66216a571f8dc9036f5b85da32fbff4c2

Analysis

max time kernel
96s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25/02/2024, 15:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a430325665ed55d6e7390625792e9c4b.exe
Size

105KB
MD5

a430325665ed55d6e7390625792e9c4b
SHA1

100d8cff0bbdcda60b74453e0d1407c948b19d5f
SHA256

36d0dd8b99f9e768c179dae73ba1f0f66216a571f8dc9036f5b85da32fbff4c2
SHA512

d1f86136d5f511e9a2a4125d49d53cb4610ef4e9b3ab936283b57b016b40edcf71ac5058b13e2715670efcd8d04ce31ed6684cd3d012c70a2b033e8b8e5945f3
SSDEEP

3072:suAF7wfceg1+xcKT3QqJiMSAQKWYrFtzEz:svjegMVjQqJilAQKWQE

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4288-1-0x00000000001C0000-0x00000000001E0000-memory.dmp	upx
behavioral2/memory/4288-2-0x00000000001C0000-0x00000000001E0000-memory.dmp	upx

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\jAva\4D1B90FDDF6B.dll	a430325665ed55d6e7390625792e9c4b.exe
File created	C:\Windows\jAva\4D1B90FDDF6B.exe	a430325665ed55d6e7390625792e9c4b.exe
File opened for modification	C:\Windows\jAva\4D1B90FDDF6B.exe	a430325665ed55d6e7390625792e9c4b.exe
File created	C:\Windows\1.bat	a430325665ed55d6e7390625792e9c4b.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\FOXGENE	a430325665ed55d6e7390625792e9c4b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\FOXGENE\FoxRegInfo = "-foxgood-"	a430325665ed55d6e7390625792e9c4b.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\FOXGENE	a430325665ed55d6e7390625792e9c4b.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4288 wrote to memory of 2376	4288	a430325665ed55d6e7390625792e9c4b.exe	87
PID 4288 wrote to memory of 2376	4288	a430325665ed55d6e7390625792e9c4b.exe	87
PID 4288 wrote to memory of 2376	4288	a430325665ed55d6e7390625792e9c4b.exe	87
PID 4288 wrote to memory of 1876	4288	a430325665ed55d6e7390625792e9c4b.exe	94
PID 4288 wrote to memory of 1876	4288	a430325665ed55d6e7390625792e9c4b.exe	94
PID 4288 wrote to memory of 1876	4288	a430325665ed55d6e7390625792e9c4b.exe	94
PID 4288 wrote to memory of 4836	4288	a430325665ed55d6e7390625792e9c4b.exe	95
PID 4288 wrote to memory of 4836	4288	a430325665ed55d6e7390625792e9c4b.exe	95
PID 4288 wrote to memory of 4836	4288	a430325665ed55d6e7390625792e9c4b.exe	95

C:\Users\Admin\AppData\Local\Temp\a430325665ed55d6e7390625792e9c4b.exe
"C:\Users\Admin\AppData\Local\Temp\a430325665ed55d6e7390625792e9c4b.exe"
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4288
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 1.bat
  2⤵
  PID:2376
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 1.bat
  2⤵
  PID:1876
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\1.bat
  2⤵
  PID:4836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1.bat

Filesize
24B

MD5
0608ba41e5d21113be54070dfdac5bde

SHA1
a14f1569aa6024a15f1c0f0d56ef51c8dbbfd399

SHA256
58ec73854e64a53c70a429696f10403f117dec0ddc1c590b40cfd7d9b58b1375

SHA512
c104ce0b9f28a17668b0eff2e3f7d1d6de6f7caaec4686bb9c3a2c6d84048388f1b28b17bda896d762c5d2d920d8be05baf1d13078c8ccd97c0b8c6e43824786

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.bat

Filesize
24B

MD5
1e5801c13f70fce22b145403f7bc614b

SHA1
3364c699bf11e4aa1c14901c44117283238b8397

SHA256
e65ba66a8ed33b8db842178592b9d239de1fcb92ba927418bf370242f1dc2bdb

SHA512
3ab4e7feaea87036301c4a8dcded2ff0ccb91709924f54c0dfed01290c5e18fd0c1393515d3aad0cf8348d9d3f071efb5d40b61f18c61b1ed2d5a130d2c7179f

Download Submit
C:\Windows\1.bat

Filesize
184B

MD5
e0dd54b53013d09ac62bf87407ec145e

SHA1
28afda474067559d9bad864e3e5a7a9995e0ebe9

SHA256
461ffa20f2554b41d8dd72e4172b20d723b98c4b99dd8ef88320cecd18d19fd6

SHA512
a653cb4f436be1a6ac316fe60a5cdc9d2b1267e4bd505fb68bf80c38e84bfcf21d0733e856407b55c3ce60ec879269262b0ad05551bd09d7c42b1e6b802a201f

Download Submit
memory/4288-0-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download
memory/4288-1-0x00000000001C0000-0x00000000001E0000-memory.dmp

Filesize
128KB

Download
memory/4288-2-0x00000000001C0000-0x00000000001E0000-memory.dmp

Filesize
128KB

Download
memory/4288-3-0x0000000000760000-0x0000000000780000-memory.dmp

Filesize
128KB

Download
memory/4288-7-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download
memory/4288-13-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download