Analysis

  • max time kernel
    141s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/03/2024, 21:47

General

  • Target

    b9bc959031d3f0c147c914bc9080318a.exe

  • Size

    62KB

  • MD5

    b9bc959031d3f0c147c914bc9080318a

  • SHA1

    2e70d59ed58541af5efe11ffa48c511e3f182cf2

  • SHA256

    739705ee99c920e042e31b69f302955e75b6e9c11811366f0caef0aff407797d

  • SHA512

    7032a43b6434e5d2db4c58f991f997560b41679f9c028a9dc01ba5facd799d8aeb6a94ee0ebddf5931486f43cc5979af02c54deeaeaee19ff3ce07949038a453

  • SSDEEP

    1536:0YbzLgR1hGlrE4smqSApftLLpcOEmEA6cYDX8B1osAeyc9X:0PREJsVSm/bExy19Aev

Score
7/10

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Modifies WinLogon 2 TTPs 8 IoCs
  • Drops file in System32 directory 8 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1192
      • C:\Users\Admin\AppData\Local\Temp\b9bc959031d3f0c147c914bc9080318a.exe
        "C:\Users\Admin\AppData\Local\Temp\b9bc959031d3f0c147c914bc9080318a.exe"
        2⤵
        • Loads dropped DLL
        • Modifies WinLogon
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1908

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\SysWOW64\yvbb01.dll

    Filesize

    48KB

    MD5

    3713440e3f39870d040a7d2f343796df

    SHA1

    6f513c6c7a8d2e74415bb82bcbc5a3c9757442a6

    SHA256

    8f0f9f3dedd8fb165560ec978b6587311171b3535675aa51f2cd3b96f29fb9c3

    SHA512

    3367c00c5faa6808e0644b96969f2485957d12b21076ec80665e2656a08b9478d3857b98f98b2566e6673baced569a7a6bd95f2aa17e6df1632a94049c5df6b1

  • C:\Windows\SysWOW64\yvbb01.sys

    Filesize

    20KB

    MD5

    97f71c71fb9aac6bd37e55a77e47dbfb

    SHA1

    9bbba5fb0f675b024ecf15a1c607c2f64e1a6352

    SHA256

    4d96fb3ce176b3a4fd0b57fb02e587da2829bd30e76936396b93f68bc7bb60b7

    SHA512

    057066ba68d5ee6989c0620972eb21b0194aa804163954385e17fbf8e4d9bef6e2817404c26fde188449bbd6f0c2b370cb0f6067122a6e588f4400bfc0ab90fb

  • memory/1192-14-0x0000000002260000-0x0000000002261000-memory.dmp

    Filesize

    4KB

  • memory/1908-11-0x0000000010000000-0x0000000010051000-memory.dmp

    Filesize

    324KB

  • memory/1908-17-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

  • memory/1908-18-0x0000000010000000-0x0000000010051000-memory.dmp

    Filesize

    324KB