Overview

overview

8

Static

static

7

761d69e82e...63.exe

windows7-x64

8

761d69e82e...63.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    135s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/03/2024, 21:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    761d69e82e8817b288eadee87a87c868e5b292b6eb323bbeb1d50e698d807563.exe

  • Size

    9.3MB

  • MD5

    a2506f486059dbab22a8d70e74c73e7d

  • SHA1

    883ff6c6dd24d5958ea14a458993eaaddd6cbffb

  • SHA256

    761d69e82e8817b288eadee87a87c868e5b292b6eb323bbeb1d50e698d807563

  • SHA512

    da3b25ddba64bd36b7c2f8b116b72ea988eaf57efd726270a391cabadafb998da16e23fa660ecff48dfae8f92087f40ea0d3dc086cf9daa2f9e661afd9457ae3

  • SSDEEP

    196608:5xz51LZLi3m38NuPyRqhhhIHVE24f6N1Ii:5xz519LmNuPyqhU1E24A/

Score
8/10
persistenceupx

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 7 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Program crash 1 IoCs
  • NTFS ADS 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\761d69e82e8817b288eadee87a87c868e5b292b6eb323bbeb1d50e698d807563.exe
    "C:\Users\Admin\AppData\Local\Temp\761d69e82e8817b288eadee87a87c868e5b292b6eb323bbeb1d50e698d807563.exe"
    1⤵
    • Drops file in Drivers directory
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    PID:392
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 392 -s 3460
      2⤵
      • Program crash
      PID:4960
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 392 -ip 392
    1⤵
      PID:4252

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\wkw4D2.tmp
            Filesize

            896KB

            MD5

            ff5eaaa53ede124c90876da05f7e86ac

            SHA1

            32d08cd516cc2012bf3de29d114f57f1526dbb85

            SHA256

            e23ac3370c545e88b58bbe9ecd30fb0e56eceef47ef1a2173afc8dbed2336e86

            SHA512

            fc95280103ff618a69bcf840da3eb42c98f851f85acd66ec2f86e38069a8c7df4c75b4556ca9de8322f8d8f23cfd3643248214711b61ab988dd63903686557e1

            Download Submit

          • memory/392-0-0x0000000000400000-0x0000000000D20000-memory.dmp

            Filesize

            9.1MB

            Download

          • memory/392-2-0x0000000000400000-0x0000000000D20000-memory.dmp

            Filesize

            9.1MB

            Download

          • memory/392-3-0x0000000000400000-0x0000000000D20000-memory.dmp

            Filesize

            9.1MB

            Download

          • memory/392-1-0x0000000000F70000-0x0000000000F71000-memory.dmp

            Filesize

            4KB

            Download

          • memory/392-446-0x0000000000400000-0x0000000000D20000-memory.dmp

            Filesize

            9.1MB

            Download