Analysis

  • max time kernel
    151s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/03/2024, 08:15

General

  • Target

    caeb09f60a374d842038815b9f852563.exe

  • Size

    13KB

  • MD5

    caeb09f60a374d842038815b9f852563

  • SHA1

    d3b2bbcc70c64a8e4ebf83663dce5f8457d328e8

  • SHA256

    5b6e533520b54ffbc22f143217b1e1e29240a21bd972c462d18e533d7bd81b65

  • SHA512

    1051de811c760a81f00e1a58210f96d57803641c62b433b5b7394314617804616aadfcb75df39461486e5b7fd4aa1fd167c5722101d22a0ae1cafd0a52cb2b04

  • SSDEEP

    192:cqv1LwNY2YjsCcVh9t5tH2XfXkZTxFFVdxnkhHYUMQFmIIMsAqYUDjpci7+4Eg:zv1MNAoCA5t2XAFVdxnq5MrMrWHlSJg

Score
8/10

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in System32 directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\caeb09f60a374d842038815b9f852563.exe
    "C:\Users\Admin\AppData\Local\Temp\caeb09f60a374d842038815b9f852563.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4316
    • C:\Windows\SysWOW64\biroask.exe
      C:\Windows\system32\biroask.exe ˜‰
      2⤵
      • Executes dropped EXE
      PID:3608
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\caeb09f60a374d842038815b9f852563.exe.bat
      2⤵
      PID:4608
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2368 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:4584

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\caeb09f60a374d842038815b9f852563.exe.bat

    Filesize

    182B

    MD5

    c363f76c2a7c6f88bee78a2137f4a18f

    SHA1

    22249030c0e7b8bae7e0926ff42ce5b577ef3939

    SHA256

    168dec7e40e91c6eba5fcdd4c7b4e8f39603e164e679907a432b77a690f24824

    SHA512

    d179807441fabdda814b02d30b0e9c42c6c2182a7799ba9589b749eb7754f1a8c24f9d1d51529f1636afe4b1a820c2fd3af96a7cc24aaa9a354695ba90777347

  • C:\Windows\SysWOW64\biroask.exe

    Filesize

    13KB

    MD5

    caeb09f60a374d842038815b9f852563

    SHA1

    d3b2bbcc70c64a8e4ebf83663dce5f8457d328e8

    SHA256

    5b6e533520b54ffbc22f143217b1e1e29240a21bd972c462d18e533d7bd81b65

    SHA512

    1051de811c760a81f00e1a58210f96d57803641c62b433b5b7394314617804616aadfcb75df39461486e5b7fd4aa1fd167c5722101d22a0ae1cafd0a52cb2b04

  • memory/3608-6-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

  • memory/3608-8-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

  • memory/4316-0-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

  • memory/4316-7-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB