Overview

overview

7

Static

static

7

c5867e53e8...e2.exe

windows7-x64

7

c5867e53e8...e2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    13/03/2024, 09:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c5867e53e86ebb5549017903fffd97e2.exe

  • Size

    74KB

  • MD5

    c5867e53e86ebb5549017903fffd97e2

  • SHA1

    9791c665ae9354a210b8ee08d8f80241c5794936

  • SHA256

    227c4212500ea1ee87b31276fd26b6803cae4bf8775cb130559672960327f485

  • SHA512

    cd5dec204110f031a2f5401276dc4023962f8d85dbb1e94753fef4f63743c349f44a92f23784a3bdb704b090f401cdea80f1741456f3c91bbef52e04c29521a7

  • SSDEEP

    1536:P9HtEetQfYioFyNjL3WQ7vxXnIch/nJcappIpOqT9E3db93OOBadX+IlzFNjIf:PFdtQfYix1Zh3I1T9w/BadX9FSf

Score
7/10
discoveryupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c5867e53e86ebb5549017903fffd97e2.exe
    "C:\Users\Admin\AppData\Local\Temp\c5867e53e86ebb5549017903fffd97e2.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1120
    • C:\Users\Admin\AppData\Local\Temp\cstart-tmp.exe
      "C:\Users\Admin\AppData\Local\Temp\cstart-tmp.exe" /wait 1120
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:2752

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\log.txt
    Filesize

    4KB

    MD5

    45ed335a6c6aacfd964501d6395720a4

    SHA1

    9fb138d72a1f9660fa009e790fa40d418bc4bbe1

    SHA256

    1548ad71fe7ed6eca78afd9f2fcc5bd8273156c5ef9f552844e90f4e5f4f44ad

    SHA512

    cf709b93990afded7e006283615664ddac821f58bdf0a343d4766fdd6e4a64cd545b69915ff4c1cc73a4a168b9d2f8bc1db9269981db19fec6a24c8c1139fe03

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\settings.ini
    Filesize

    36B

    MD5

    26c759a5864fec759f2a7f25de9126b2

    SHA1

    abf1ce13092222e3d8bb3b5fbb4aed61dda38a36

    SHA256

    4a5f65b5e5d77649251661bb7ab6ba4b313e30b3063fb20d5b4677525e5547a7

    SHA512

    24039d4460fa965093785319bf3abfe1acb9b5eb4322ed8109fd1633737f00b4f28b310afdf04b1f44567e9420ff7d020491585c16125de0b182593c569a4e28

    Download Submit

  • \Users\Admin\AppData\Local\Temp\cstart-tmp.exe
    Filesize

    74KB

    MD5

    c5867e53e86ebb5549017903fffd97e2

    SHA1

    9791c665ae9354a210b8ee08d8f80241c5794936

    SHA256

    227c4212500ea1ee87b31276fd26b6803cae4bf8775cb130559672960327f485

    SHA512

    cd5dec204110f031a2f5401276dc4023962f8d85dbb1e94753fef4f63743c349f44a92f23784a3bdb704b090f401cdea80f1741456f3c91bbef52e04c29521a7

    Download Submit

  • memory/1120-0-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1120-11-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2752-12-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2752-38-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download