Overview

overview

7

Static

static

3

c60f759ab5...7c.exe

windows7-x64

7

c60f759ab5...7c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/03/2024, 14:03

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c60f759ab51cd29679d9a5269ea5047c.exe

  • Size

    444KB

  • MD5

    c60f759ab51cd29679d9a5269ea5047c

  • SHA1

    df0d339c51c281e362fbc947fa8e134f46c47cb4

  • SHA256

    583023b007db4e7d64b4c52fa0049794698941198977b3f7eeb6b67ef00d9c86

  • SHA512

    a623a76fb60bd7eb289329c0fbd09c876e09f6a70fd5624c7c745ba81274b0e21ee14691ff6da6479bad2e270515c4659f11d8dcc00c571e7f9ad07096aed49d

  • SSDEEP

    12288:b9RTv7UCh6Ww+LroDN4XHfcaOD9cI/04tDv2e4:b991cp+LW4XaB

Score
7/10
persistenceupx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c60f759ab51cd29679d9a5269ea5047c.exe
    "C:\Users\Admin\AppData\Local\Temp\c60f759ab51cd29679d9a5269ea5047c.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1964
    • C:\ProgramData\oG42900EfEaI42900\oG42900EfEaI42900.exe
      "C:\ProgramData\oG42900EfEaI42900\oG42900EfEaI42900.exe" "C:\Users\Admin\AppData\Local\Temp\c60f759ab51cd29679d9a5269ea5047c.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2720

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\oG42900EfEaI42900\oG42900EfEaI42900
          Filesize

          192B

          MD5

          631372c0b2fe6e123231be7254eb227d

          SHA1

          46a4601317ace84e331d55ae7149e9e1cd29a9ae

          SHA256

          8910f9f2981bf601368e834900a9d5498832709b11483f9f8dc6c766e5331a42

          SHA512

          87dd22f86d880c6b71a974b8a6eb8d65ea7cd125466fc130ba243ad48fdc33e95b30ac19c08ee8c0ae0f067b204af9eef5e285f438ce4849bbbd0873f4ca84af

          Download Submit

        • C:\ProgramData\oG42900EfEaI42900\oG42900EfEaI42900.exe
          Filesize

          383KB

          MD5

          f34c09cc662ded6bc6bf76bdf0bc2b4d

          SHA1

          784cd9663c3d36cce9d6d296c1fb3406fa1d764c

          SHA256

          531eaf6e8f0d8f74b6600523395863444adadfd634555faf7bbec1811fb817dc

          SHA512

          3f25b0d61f5dba9d313ddabdace97e0e5f55df86c4ec3a31460f99779deb07324bad9c98ec15036c097f12186b87d166115585d93c862625836dd5357cca770f

          Download Submit

        • C:\ProgramData\oG42900EfEaI42900\oG42900EfEaI42900.exe
          Filesize

          281KB

          MD5

          fa666fd8795b878a5b7e82fae86885d5

          SHA1

          2b1622b90f548cdd4686b7f19d3f2f21b8fff801

          SHA256

          c1b6d8f8966ff16acf8e85ab36c865a3c239ce68f3a2b87379653e73d960e45d

          SHA512

          c6900594838796bb6c27210ad57993e3c94ad75b18ebe663921c8650b14658944955683da7e2819405b9b206e582551099bd4429fab31167f13ed7926e74e059

          Download Submit

        • memory/1964-1-0x0000000000400000-0x00000000004C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/1964-2-0x0000000000680000-0x0000000000780000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/1964-14-0x0000000000400000-0x00000000004C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/2720-16-0x0000000000400000-0x00000000004C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/2720-17-0x0000000000560000-0x0000000000660000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2720-25-0x0000000000400000-0x00000000004C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/2720-27-0x0000000000560000-0x0000000000660000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2720-33-0x0000000000400000-0x00000000004C2000-memory.dmp

          Filesize

          776KB

          Download