Overview

overview

10

Static

static

10

c6931330ac...67.exe

windows7-x64

9

c6931330ac...67.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/03/2024, 02:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c6931330ac5b1674f9b2c3691f2c061b51066839622a49a97f4608a3959e1767.exe

  • Size

    4.1MB

  • MD5

    46ce83fd31d1b64c184e4307862dbc11

  • SHA1

    b5937bc379c27a4c48d2c34d542afbd2da71bf59

  • SHA256

    c6931330ac5b1674f9b2c3691f2c061b51066839622a49a97f4608a3959e1767

  • SHA512

    70db9fbd15f87943af49b3173118ee186bdcd24d69db378cf4c2c127eb2074a86180f3a122846fbf25a06e2d5733040b2e971332dabc4548105d1d4f5780c1df

  • SSDEEP

    98304:DjezfWnQE225WlxBP1FTHPwY7hSzmL26WPm4I4pDyD:3e8QEOtFozl6WPm4lFo

Score
9/10
upx

Malware Config

Signatures

  • UPX dump on OEP (original entry point) 39 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 40 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 10 IoCs
  • Suspicious use of SendNotifyMessage 9 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c6931330ac5b1674f9b2c3691f2c061b51066839622a49a97f4608a3959e1767.exe
    "C:\Users\Admin\AppData\Local\Temp\c6931330ac5b1674f9b2c3691f2c061b51066839622a49a97f4608a3959e1767.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3356
    • C:\Users\Admin\AppData\Local\Temp\c6931330ac5b1674f9b2c3691f2c061b51066839622a49a97f4608a3959e1767.exe
      "C:\Users\Admin\AppData\Local\Temp\c6931330ac5b1674f9b2c3691f2c061b51066839622a49a97f4608a3959e1767.exe" -gpipe \\.\pipe\PCommand97zwkiwgiqjusjhie -gui
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4400
    • C:\Users\Admin\AppData\Local\Temp\c6931330ac5b1674f9b2c3691f2c061b51066839622a49a97f4608a3959e1767.exe
      "C:\Users\Admin\AppData\Local\Temp\c6931330ac5b1674f9b2c3691f2c061b51066839622a49a97f4608a3959e1767.exe" -cpipe \\.\pipe\PCommand96sqsemocdpcswxkj -child
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4548
  • C:\ProgramData\Getscreen.me\sqfityqivuunefcwtmknruhdhechqaq-elevate.exe
    "C:\ProgramData\Getscreen.me\sqfityqivuunefcwtmknruhdhechqaq-elevate.exe" -elevate \\.\pipe\elevateGS512sqfityqivuunefcwtmknruhdhechqaq
    1⤵
    • Executes dropped EXE
    PID:2800

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Getscreen.me\logs\20240306.log
    Filesize

    726B

    MD5

    12bfcf8d938f72b7e946d14ba66ed20f

    SHA1

    f7c277118f97a479412b680044707984bd2468e1

    SHA256

    78634cca15cc8e9f12e9f9ca905d95fb051f113ea296668ca66a4ad373cba1ee

    SHA512

    42805fc819e659d549a492e8960cca21b22ab98b72cdb2a07e850e3dea98543f1d76544e3e5a13edd0163462a9e8a4bbcb067e3a5d60a8f695ab929877832228

    Download Submit

  • C:\ProgramData\Getscreen.me\logs\20240306.log
    Filesize

    2KB

    MD5

    ec315fca5418d77e763669dc4b81a556

    SHA1

    d22962ef6b26d804a33a70bc99630c11578a344d

    SHA256

    e456babc3f7b93f4b6b8138d096f79369a39f235cc5080978afc5f373666732b

    SHA512

    495a02983ca964afba2d332247d9e67fbb98cc07416af948d6d40b8df3e33c13317bb2a093d5a2603b1ae04920477215281aab6b1e6b3ba1ea91112fc1286dc5

    Download Submit

  • C:\ProgramData\Getscreen.me\logs\20240306.log
    Filesize

    261B

    MD5

    b992a9dad30a0c3c28a4fab51b799a50

    SHA1

    24e2a81bd97f49de8bfab63c4a199bb1ba78e67a

    SHA256

    9604e03c5248987c212b761fb97999df9540882281fc6f4b7ac56f488ed68322

    SHA512

    3654d30a16daf591cb61e4ed7b21fa56508be9dc4a123a58602c0e7f3dbd268db7cc90feca0d06fcc157c6368ccdec3868f53cc704fd1de3f2f0a3d502aba184

    Download Submit

  • C:\ProgramData\Getscreen.me\memory\0000pipe0PCommand96sqsemocdpcswxkj0
    Filesize

    2.3MB

    MD5

    f167c058f72c220338aa43cb1a2ed034

    SHA1

    0cebc0510e01bb200d20de8f77bf70515a005f03

    SHA256

    e155599c47013a2466c40fda40d280742523a65bd19ad2d81ff22dccb3d59e96

    SHA512

    58b42985323d9827f5324b54b482d629d237c9a0f1d47e6eea5e426967b2c180f45d6dda1858fbba3db73246e0f78d72ec78f765f0677b5d23520df683f1661c

    Download Submit

  • C:\ProgramData\Getscreen.me\sqfityqivuunefcwtmknruhdhechqaq-elevate.exe
    Filesize

    1.8MB

    MD5

    373635825a811462364303048d9d90ee

    SHA1

    5551f2abdffdcb4d9e44468aec3d27d92b4637f3

    SHA256

    b4fe02205d0429d7186bc98d71fab3b63ce3a64fefee14a824bf64b844234e63

    SHA512

    d1b48f9c0dc5447c61285a940484d20d0c26bbeba7f0f2276127403157fdd09959ad3d54c98ad7d1907b40e739e99a2b818f4540d06d8415859a8323f4531616

    Download Submit

  • C:\ProgramData\Getscreen.me\sqfityqivuunefcwtmknruhdhechqaq-elevate.exe
    Filesize

    3.1MB

    MD5

    5d606c332c756a8e753c1296a1ada65b

    SHA1

    99a3191e25d7184e0f839ea46a6ac6da7dc65d1e

    SHA256

    def3c79492a0246fef326a54c561a91cc0866d23f5ab601d73e23f9cdc191e29

    SHA512

    6897f0129557fb649b0def4a8ebcb3743b91fdb20af7e57dd6378bb46360072e94cb895eeda6fe720c1f405e536fe4a7fd5cb2ddf9e43c5ad67d788b71a0980c

    Download Submit

  • memory/2800-31-0x00007FF7B5D30000-0x00007FF7B75D4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/2800-14-0x00007FF7B5D30000-0x00007FF7B75D4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/2800-13-0x00007FF7B5D30000-0x00007FF7B75D4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/3356-34-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/3356-46-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/3356-18-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/3356-54-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/3356-52-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/3356-21-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/3356-50-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/3356-48-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/3356-28-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/3356-44-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/3356-42-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/3356-32-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/3356-40-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/3356-2-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/3356-38-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/3356-36-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/4400-45-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/4400-47-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/4400-39-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/4400-55-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/4400-41-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/4400-9-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/4400-43-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/4400-29-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/4400-35-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/4400-37-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/4400-33-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/4400-27-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/4400-49-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/4400-19-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/4400-51-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/4400-53-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/4548-20-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/4548-26-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download

  • memory/4548-17-0x00007FF6BD910000-0x00007FF6BF1B4000-memory.dmp

    Filesize

    24.6MB

    Download