Overview

overview

7

Static

static

7

c4d31a74dc...b7.exe

windows7-x64

7

c4d31a74dc...b7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    13/03/2024, 03:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c4d31a74dc1c1a164e0f5b372884d6b7.exe

  • Size

    20KB

  • MD5

    c4d31a74dc1c1a164e0f5b372884d6b7

  • SHA1

    c0fdb298f82d91ada28e40ace6bebf025c222484

  • SHA256

    e094bc919e9493528ed32b37b96c024f98c353880e6cd9e37f5b382a2f86fe5e

  • SHA512

    d430779ddad10dcf663de7c53c00394e514d8a25a57cb072f92409263d745a54a615ff4fd168793c3a6baa8ae8b69f64f52599570eff62566542da2f903bcad9

  • SSDEEP

    384:+VJXuJZVNbd2rEPZNmW9q1+RrYJpQZ34hLBE920Y4wVTQ1QOFouxHIIhcZHnMmMa:+VJXuJPNbIrEHm04T7BBE9pY4wVTQqO0

Score
7/10
persistenceupx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1368
      • C:\Users\Admin\AppData\Local\Temp\c4d31a74dc1c1a164e0f5b372884d6b7.exe
        "C:\Users\Admin\AppData\Local\Temp\c4d31a74dc1c1a164e0f5b372884d6b7.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3044

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Windows\SysWOW64\ticisms.dll
      Filesize

      28KB

      MD5

      f3cd829597c928c4b552b3506fa31bf9

      SHA1

      357c0b1559896bafca53602e49bbb084d893aff3

      SHA256

      c985bbbbf3bc1a0cbb034fd35db1f70a0e3ca70deb3f39c28be48578fcb305b8

      SHA512

      07c0287227e0f1c7f79eb24b0e212e30ec5f570219c3111e385ceb3408d6262f24a9c50b7c3259bff86411a5cc95eccc6ebfd1da830b765b97ca5be1d7751e7f

      Download Submit

    • memory/1368-3-0x0000000002B20000-0x0000000002B21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3044-0-0x0000000000400000-0x000000000040E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/3044-16-0x00000000002D0000-0x00000000002D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3044-12-0x00000000002C0000-0x00000000002C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3044-20-0x0000000000400000-0x000000000040E000-memory.dmp

      Filesize

      56KB

      Download