Overview

overview

7

Static

static

7

c5867e53e8...e2.exe

windows7-x64

7

c5867e53e8...e2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    92s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/03/2024, 09:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c5867e53e86ebb5549017903fffd97e2.exe

  • Size

    74KB

  • MD5

    c5867e53e86ebb5549017903fffd97e2

  • SHA1

    9791c665ae9354a210b8ee08d8f80241c5794936

  • SHA256

    227c4212500ea1ee87b31276fd26b6803cae4bf8775cb130559672960327f485

  • SHA512

    cd5dec204110f031a2f5401276dc4023962f8d85dbb1e94753fef4f63743c349f44a92f23784a3bdb704b090f401cdea80f1741456f3c91bbef52e04c29521a7

  • SSDEEP

    1536:P9HtEetQfYioFyNjL3WQ7vxXnIch/nJcappIpOqT9E3db93OOBadX+IlzFNjIf:PFdtQfYix1Zh3I1T9w/BadX9FSf

Score
7/10
discoveryupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c5867e53e86ebb5549017903fffd97e2.exe
    "C:\Users\Admin\AppData\Local\Temp\c5867e53e86ebb5549017903fffd97e2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2420
    • C:\Users\Admin\AppData\Local\Temp\cstart-tmp.exe
      "C:\Users\Admin\AppData\Local\Temp\cstart-tmp.exe" /wait 2420
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:3404

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\cstart-tmp.exe
          Filesize

          74KB

          MD5

          c5867e53e86ebb5549017903fffd97e2

          SHA1

          9791c665ae9354a210b8ee08d8f80241c5794936

          SHA256

          227c4212500ea1ee87b31276fd26b6803cae4bf8775cb130559672960327f485

          SHA512

          cd5dec204110f031a2f5401276dc4023962f8d85dbb1e94753fef4f63743c349f44a92f23784a3bdb704b090f401cdea80f1741456f3c91bbef52e04c29521a7

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\log.txt
          Filesize

          4KB

          MD5

          1be8806a79728b9fa0e0f977e691f24c

          SHA1

          e30754f7e0b0e31c9c99b7636fd77c92a6b121ea

          SHA256

          2fb9affb64fe1e17f788cbf8183a5078fa826cda1f33e741fd937f535b4e6cbc

          SHA512

          43f29f8847ed6ce6ccfccdda680d176f50ca3fa3529399b15dabdc5c0c510e29293b2864822669906bf61e21ed65ca087c3d943c4748f96e00440bccb53c3291

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\log.txt
          Filesize

          4KB

          MD5

          67389a3fd30c534369674c4a6cccc796

          SHA1

          5ccb98af6c556eda03b994cc96bee737a7c2b29e

          SHA256

          1fd9611225c8d904eabcb3e6c88f1be872e3792f83832aa691b49126b4c5dead

          SHA512

          bc01548bce3bf81672f373a8585f12c6da2bde94eb880f69e492ebc692725f0ac9c68fa437c43fc571ded2fbc510c23a918f23a27fac10d0357e5f8ada97a358

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\settings.ini
          Filesize

          36B

          MD5

          26c759a5864fec759f2a7f25de9126b2

          SHA1

          abf1ce13092222e3d8bb3b5fbb4aed61dda38a36

          SHA256

          4a5f65b5e5d77649251661bb7ab6ba4b313e30b3063fb20d5b4677525e5547a7

          SHA512

          24039d4460fa965093785319bf3abfe1acb9b5eb4322ed8109fd1633737f00b4f28b310afdf04b1f44567e9420ff7d020491585c16125de0b182593c569a4e28

          Download Submit

        • memory/2420-0-0x0000000000400000-0x0000000000428000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2420-7-0x0000000000400000-0x0000000000428000-memory.dmp

          Filesize

          160KB

          Download

        • memory/3404-8-0x0000000000400000-0x0000000000428000-memory.dmp

          Filesize

          160KB

          Download

        • memory/3404-33-0x0000000000400000-0x0000000000428000-memory.dmp

          Filesize

          160KB

          Download