Overview

overview

8

Static

static

7

d34e20e1d0...ee.exe

windows7-x64

8

d34e20e1d0...ee.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    155s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/03/2024, 10:43

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d34e20e1d05b68904b9a16600ac5ecee.exe

  • Size

    14KB

  • MD5

    d34e20e1d05b68904b9a16600ac5ecee

  • SHA1

    26b18a507d8bcbc7d583e015f3710fa7924c386d

  • SHA256

    5b2d4d019eca7d694b8a17b9701a9b68ce9866fa0eba50f1f5fc05c7d471947f

  • SHA512

    d31ce4d864c1ad93ab2f78c91d788965cd1ae631a8c96b09418f09b94d0bdee5c33920a2ebf911f820483b928fc781346c0409fb687884db1a34a9b9d66d8359

  • SSDEEP

    192:0Z9nURBHXi5kpgYw3EZ10OXTSf1giT5yiba9z5I5FoRaAc2tPjXHW:0HGB2kpgYw3E7pTSf1giT5wI0QuG

Score
8/10
upx

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 4 IoCs
  • Suspicious behavior: LoadsDriver 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d34e20e1d05b68904b9a16600ac5ecee.exe
    "C:\Users\Admin\AppData\Local\Temp\d34e20e1d05b68904b9a16600ac5ecee.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1116
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\D34E20~1.EXE > nul
      2⤵
        PID:1144
    • C:\Windows\SysWOW64\server.exe
      C:\Windows\SysWOW64\server.exe
      1⤵
      • Drops file in Drivers directory
      • Executes dropped EXE
      • Drops file in System32 directory
      PID:3532
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4240 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:3880

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Windows\SysWOW64\drivers\GTHOOK.sys
              Filesize

              7KB

              MD5

              e758b576126df7206091dcac9018605d

              SHA1

              2b8ca8a490ab82141d783e08669c44196428cfdf

              SHA256

              5a6b3ac1b93aacee17fd62d33ec55ffef9293ff078648538e73afd0eb0f6fc94

              SHA512

              45cf7f1d070cade25ce4d7a9ff637dc8b5880504239292e42606277d126358db4f86edc82c7910799633969fc6d301086b0ef4dbc7520d965290bbf5848566bb

              Download Submit

            • C:\Windows\SysWOW64\server.exe
              Filesize

              14KB

              MD5

              d34e20e1d05b68904b9a16600ac5ecee

              SHA1

              26b18a507d8bcbc7d583e015f3710fa7924c386d

              SHA256

              5b2d4d019eca7d694b8a17b9701a9b68ce9866fa0eba50f1f5fc05c7d471947f

              SHA512

              d31ce4d864c1ad93ab2f78c91d788965cd1ae631a8c96b09418f09b94d0bdee5c33920a2ebf911f820483b928fc781346c0409fb687884db1a34a9b9d66d8359

              Download Submit

            • memory/1116-0-0x0000000000400000-0x000000000044C000-memory.dmp

              Filesize

              304KB

              Download

            • memory/1116-8-0x0000000000400000-0x000000000044C000-memory.dmp

              Filesize

              304KB

              Download

            • memory/3532-9-0x0000000000400000-0x000000000044C000-memory.dmp

              Filesize

              304KB

              Download