Overview

overview

7

Static

static

3

b40399f629...7a.exe

windows7-x64

7

b40399f629...7a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05-03-2024 06:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b40399f6290ec009081bd86071c93a7a.exe

  • Size

    451KB

  • MD5

    b40399f6290ec009081bd86071c93a7a

  • SHA1

    2e8968a738d40853ce96a7a98f001d9bc5a507b2

  • SHA256

    1eb53c2e287c6d193b6842b689437219dc5907bd779be2ce3c1f957e0ced7766

  • SHA512

    420e1d2794ffb8494b2cf2dad149b33948bf08b52ff09512f3e5c56dd05b4d2f79e56cbc72a2e4c574552c9c06b8363c64bae9b404fb5093115ce10a23643d9b

  • SSDEEP

    6144:jP43u29BthZ7L6CqHx8A5aIJCxpmHZR1NAksNBfkvmYwU1dQGw2pCFdimAeqmwr:rE9vX88A5aI3HZ99sXMuYtv7pD3

Score
7/10
persistenceupx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b40399f6290ec009081bd86071c93a7a.exe
    "C:\Users\Admin\AppData\Local\Temp\b40399f6290ec009081bd86071c93a7a.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\ProgramData\bB06501GeLaO06501\bB06501GeLaO06501.exe
      "C:\ProgramData\bB06501GeLaO06501\bB06501GeLaO06501.exe" "C:\Users\Admin\AppData\Local\Temp\b40399f6290ec009081bd86071c93a7a.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2788

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\bB06501GeLaO06501\bB06501GeLaO06501
    Filesize

    192B

    MD5

    a399e6e00323b9e2abf378091fce10d1

    SHA1

    795b15216a7bfcc0ae3ffccf2c8cab6117cab579

    SHA256

    fe63637b68c9892440e5903268ec54ca4ddb4f2b73eafc9c2ad114cdc6ddfb4a

    SHA512

    ecbdb6246f506087fc56da186eb79569a706c8eeb67f22179a52f58e7f85ad6d045fd73a1788edbcf5da9856d7b2a0401ccc40f67374a3eec90ddba4caf4da29

    Download Submit

  • C:\ProgramData\bB06501GeLaO06501\bB06501GeLaO06501.exe
    Filesize

    451KB

    MD5

    a04b2dc2fa62bec4670988f629ffea4a

    SHA1

    3c2b524fca46a7e9465dc5e8444ec920e85e7ca9

    SHA256

    1746b3a0574bc467f59eb61cb3c5a8c7f2f9061b3b5897ce16df63fbc4d7e0a0

    SHA512

    7ec6260d46851bb8b577abebf2ac861ec899b641beece8ee13b80d3e679e4cc75f3f64fda302e9a98f3e710dc13e58b00e2bd2e17839e00f2a663d50fe0f7bae

    Download Submit

  • \ProgramData\bB06501GeLaO06501\bB06501GeLaO06501.exe
    Filesize

    256KB

    MD5

    44d43f90dc32b04600151700c3510e88

    SHA1

    10829d6daad4f7c809e9c1ba6818607f7687aad3

    SHA256

    091be8902956db759cfbf43370bae11bd01db8ef3549ad04883973903b92ca2c

    SHA512

    36c01aeea4254e0ae9807af45eb06878cbd8d7185f8a9395b61b01cb8f9a7fb9fcf6e18c19d73001048b5d9cfddc5e7ed21156ee3b011f8f05f3dddd4b962310

    Download Submit

  • memory/2232-1-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download

  • memory/2232-2-0x0000000000690000-0x0000000000790000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2232-17-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download

  • memory/2788-20-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download

  • memory/2788-21-0x0000000000240000-0x0000000000340000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2788-30-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download

  • memory/2788-32-0x0000000000240000-0x0000000000340000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2788-40-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download