Overview

overview

7

Static

static

7

c821288e84...57.exe

windows7-x64

7

c821288e84...57.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-03-2024 08:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c821288e845f1b9caa1d8de70949ca57.exe

  • Size

    47KB

  • MD5

    c821288e845f1b9caa1d8de70949ca57

  • SHA1

    416399b198a968881168c48ec71f57f4209b76ce

  • SHA256

    d006949ada27d9c72fd6f6a2e987bec0d620f55a5794d6e7537d14777858e9e7

  • SHA512

    fdcca5e48cc95415253bd5dbea922f51c505f0153922d55a2c5998ea8c98b14acfcdf6d44f45b6b256f00a3d58d644a7ed5194a141b32206e02c817ac3949330

  • SSDEEP

    768:+TNR61NTTRTQC1iKZ/tC59qdtPWTFdVYFbq36EQtin2O5bmKBvk02/6:+TL61lTxQCJ/M34PW+lq36TU2OJbBviS

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 7 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c821288e845f1b9caa1d8de70949ca57.exe
    "C:\Users\Admin\AppData\Local\Temp\c821288e845f1b9caa1d8de70949ca57.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:5032
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Windows\system32\whhfd008.ocx" pfjieaoidjglkajd
      2⤵
      • Loads dropped DLL
      PID:3840
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Program Files\Common Files\0E5731EDce.dll" m3
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: LoadsDriver
      • Suspicious use of AdjustPrivilegeToken
      PID:2452
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Program Files\Common Files\whh15013.ocx" pfjaoidjglkajd C:\Users\Admin\AppData\Local\Temp\c821288e845f1b9caa1d8de70949ca57.exe
      2⤵
      • Deletes itself
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:3964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Common Files\0E5731EDce.dll
    Filesize

    10KB

    MD5

    f1f49fb85ab029ad86c02ebecb892b12

    SHA1

    664a602f8e843218c1158571714cd0adee1da939

    SHA256

    f8f3abcf8d43377b49d1edce23a667c9efd9cde86e9afee228e8c3b093013f13

    SHA512

    600810f5a23067afb483b2fb5cd980c817d1b79da7fd7c5183a2d76f3546c514256f5536791abd4ed4b949518c63ab7c55df3e9b9109df2681fd3df10dbd2673

    Download Submit

  • C:\Program Files\Common Files\whh15013.ocx
    Filesize

    55KB

    MD5

    db8b8cbe844b6804ad5db101431cdfbb

    SHA1

    a12be10bf0b8571a72c4213766aa75713c0d8f67

    SHA256

    fb27f5cea348b565b4f9cca526e6ed901af40ee782b15fe77f9536999d93fe85

    SHA512

    1759f33c22deac0fddd14aa9f130d75c5d6922ea75c67d1fbab7d1431b21b88723ff745918d72df812eb482f86468a928cb89c0e621adda44527dcd21da0dc68

    Download Submit

  • C:\Windows\SysWOW64\whhfd008.ocx
    Filesize

    14KB

    MD5

    731659d09654891912ac223e20cd10ab

    SHA1

    13cee04adc7b09ef1c0c6b9abc02d0c7bc02a071

    SHA256

    672639ce00081bdd6b6ee69e1bc816d0b353ed9713b5a21bac6009907daf3d3b

    SHA512

    e2b63a180ff6a9ef523f21a9afe9f71f612f617fbab5b791f763c8bccab14d8cb1986729fadba4bc5f29fe9813766bcb88168018f8c6571ec72efc69639f1116

    Download Submit

  • memory/2452-19-0x0000000002220000-0x0000000002433000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2452-22-0x0000000010000000-0x0000000010206000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2452-24-0x0000000002220000-0x0000000002433000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3840-16-0x00000000025C0000-0x00000000027D3000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3840-20-0x0000000010000000-0x0000000010208000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3840-23-0x00000000025C0000-0x00000000027D3000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3964-21-0x0000000010000000-0x0000000010213000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/5032-0-0x0000000000400000-0x000000000061C000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/5032-7-0x0000000000400000-0x000000000061C000-memory.dmp

    Filesize

    2.1MB

    Download