Overview

overview

7

Static

static

3

c482288399...ad.exe

windows7-x64

7

c482288399...ad.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    13/03/2024, 00:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c482288399f315ca8c2430b8f2d4dead.exe

  • Size

    524KB

  • MD5

    c482288399f315ca8c2430b8f2d4dead

  • SHA1

    a48232f3da22b10e6fb3083e82c6cf0f89c1e9fc

  • SHA256

    6120e989002e9bbd3f9e3ebe242168aaebded7991a682db545ad7b28d85b5dde

  • SHA512

    2d9bb90ea4fb261f1cf206b58d797ee8db4f6cdab0aa0a71ba926079caeb4ce411c960d80a28499d7235204a885e42cd8998b8092a6d61408d6160660f2a3c24

  • SSDEEP

    12288:M4g1PZwpgiE9j8fLITQJ9ma9osmXpljAQ7fqJJbv0:+w4LMJ9+9Xp6Q4v

Score
7/10
persistenceupx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c482288399f315ca8c2430b8f2d4dead.exe
    "C:\Users\Admin\AppData\Local\Temp\c482288399f315ca8c2430b8f2d4dead.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\ProgramData\jK01803LaMoC01803\jK01803LaMoC01803.exe
      "C:\ProgramData\jK01803LaMoC01803\jK01803LaMoC01803.exe" "C:\Users\Admin\AppData\Local\Temp\c482288399f315ca8c2430b8f2d4dead.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2872

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\jK01803LaMoC01803\jK01803LaMoC01803
          Filesize

          192B

          MD5

          e5132d20d11abf31793c6114b0a277c9

          SHA1

          81abf8be2ebd8f3fbd8e2d7667877d70e1e5c2c6

          SHA256

          8350dc5ea7a067dd2a330d7f3059c5b9aa7c961adc817ea72973c387abcf9887

          SHA512

          a2eb076c77f5332a3fa1b2e5057c3c63ae51aa003bd8784613d366065bdd64828f602756d160e0fa614f4d10c13b2f72c6ff6541a769cf0691309f62473ebb8e

          Download Submit

        • C:\ProgramData\jK01803LaMoC01803\jK01803LaMoC01803.exe
          Filesize

          232KB

          MD5

          103d72a6763b23c6bfaa0da3966a6514

          SHA1

          adbbe582b693817c6194695f59ce0636e476e073

          SHA256

          85cabac69c15f0632117f38b7873020262107dcc8dd413480968c69ec1fc2b21

          SHA512

          a8bf06b34aad74b953843ce15369bc91998cc30c0c69f8b3ecfa958046e3df0c9b386c614e0f48861edf97f10dafa59bcbb2739c361c5c4d14e699bd29643d13

          Download Submit

        • \ProgramData\jK01803LaMoC01803\jK01803LaMoC01803.exe
          Filesize

          524KB

          MD5

          5fdd579f72f9b60edcb024f51fc8b2f3

          SHA1

          b3b6bd34203e96f5cb169c1d70d68d2337edf56b

          SHA256

          fe3c1dd4a3cebd2bf9b2576ae74473549e7becfe4f953985e90f946471ad2b1d

          SHA512

          253881269eb8701622705e5418e026ebe043acf5f8b3f9d7e41388852da7c54320241453547cacafbb9a02c6639c1707e367520eaf7ba45f2ad46f5c3b053a2e

          Download Submit

        • memory/2024-18-0x0000000000400000-0x00000000004D9000-memory.dmp

          Filesize

          868KB

          Download

        • memory/2024-1-0x0000000000400000-0x00000000004D9000-memory.dmp

          Filesize

          868KB

          Download

        • memory/2024-2-0x0000000000670000-0x0000000000770000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2872-20-0x0000000000400000-0x00000000004D9000-memory.dmp

          Filesize

          868KB

          Download

        • memory/2872-21-0x0000000000680000-0x0000000000780000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2872-30-0x0000000000400000-0x00000000004D9000-memory.dmp

          Filesize

          868KB

          Download

        • memory/2872-32-0x0000000000680000-0x0000000000780000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2872-40-0x0000000000400000-0x00000000004D9000-memory.dmp

          Filesize

          868KB

          Download

        • memory/2872-53-0x0000000000400000-0x00000000004D9000-memory.dmp

          Filesize

          868KB

          Download

        • memory/2872-54-0x0000000000400000-0x00000000004D9000-memory.dmp

          Filesize

          868KB

          Download