794fed30892a3ed8c12cf23e0b4dc0873b452e98c9667e57d2350f2113cf69a7

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc6b83f066e4d8e61d855de191a785c7.exe
Size

437KB
MD5

cc6b83f066e4d8e61d855de191a785c7
SHA1

aba872ffc37c959ab0ade1c5dbc341cea98c0db2
SHA256

794fed30892a3ed8c12cf23e0b4dc0873b452e98c9667e57d2350f2113cf69a7
SHA512

ee2ff8366c17d46ee033501dab2606d64c8556e88a95d5f773e961c8e7a4014277e642b0fee21bbe2ebba8ea5296dd91a52768f712de670a5176968d86fc8646
SSDEEP

12288:T0JBqbCHhRZFkukMk1V1qZ6ORl0YWbbnyn7v:T0JBq2HzZFkukMOGZ6ORl0YMby7v

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2836-1-0x0000000000400000-0x0000000000489000-memory.dmp	upx

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\5761b2dc-ce77-4bfa-b965-6f33b1867cf2	cc6b83f066e4d8e61d855de191a785c7.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe
2836	cc6b83f066e4d8e61d855de191a785c7.exe

C:\Users\Admin\AppData\Local\Temp\cc6b83f066e4d8e61d855de191a785c7.exe
"C:\Users\Admin\AppData\Local\Temp\cc6b83f066e4d8e61d855de191a785c7.exe"
1⤵
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
PID:2836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2836-0-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2836-1-0x0000000000400000-0x0000000000489000-memory.dmp

Filesize
548KB

Download