Overview

overview

7

Static

static

7

ccb82058f6...b5.exe

windows7-x64

7

ccb82058f6...b5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16/03/2024, 01:07

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ccb82058f63fb0a76cd68dadf15e4bb5.exe

  • Size

    43KB

  • MD5

    ccb82058f63fb0a76cd68dadf15e4bb5

  • SHA1

    3717217442ce87963af94a362b7d4a148bf53e35

  • SHA256

    c6e98708175951005dbe0def6e390e6a59d9d8c67ea7623ed7a6299345153c25

  • SHA512

    a8386398144436cc261438362a001d72fd20baf9ba2618f79955fea925bde53658bd086b24cda10f313a6a156169628d5e82c6ff15051b2aa99ea617e4ea65ca

  • SSDEEP

    768:euYpUwVG/vHNLyty5ynFzbjivumZurBweqSXH/S+WkDlUL342LI72U56wt:1xyc5QyR4mL+dDlaI2kSUzt

Score
7/10
persistenceupx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 18 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ccb82058f63fb0a76cd68dadf15e4bb5.exe
    "C:\Users\Admin\AppData\Local\Temp\ccb82058f63fb0a76cd68dadf15e4bb5.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2184
    • C:\Windows\Svchosts.exe
      C:\Windows\Svchosts.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      PID:2192
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\Deleteme.bat
      2⤵
      • Deletes itself
      PID:2224

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\Deleteme.bat
          Filesize

          184B

          MD5

          e1371a681afc8100d257ae6ed80d0fa9

          SHA1

          2d6f2e7a66ca7c03bc299b0af353f0d84300fa5f

          SHA256

          3a5cab8e2a2394038be4a8c877fda78dd25f8dd3a06c8f3166b9786ed1fd4bb0

          SHA512

          0f07eae24099d2d1525e12830a4f6df9c4868190fe0e88ed9a6a5c7c5a3b50be28fbaba6544a431932cdb0dbad22087ee79e3ec2e94faa5f093dc4db66dba116

          Download Submit

        • C:\Windows\Svchosts.exe
          Filesize

          43KB

          MD5

          ccb82058f63fb0a76cd68dadf15e4bb5

          SHA1

          3717217442ce87963af94a362b7d4a148bf53e35

          SHA256

          c6e98708175951005dbe0def6e390e6a59d9d8c67ea7623ed7a6299345153c25

          SHA512

          a8386398144436cc261438362a001d72fd20baf9ba2618f79955fea925bde53658bd086b24cda10f313a6a156169628d5e82c6ff15051b2aa99ea617e4ea65ca

          Download Submit

        • memory/2184-17-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2184-6-0x0000000000220000-0x0000000000242000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2184-0-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2192-23-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2192-25-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2192-20-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2192-21-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2192-22-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2192-9-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2192-24-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2192-19-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2192-26-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2192-27-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2192-28-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2192-29-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2192-30-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2192-31-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2192-32-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download