Overview

overview

8

Static

static

7

ded9bf868b...b1.exe

windows7-x64

8

ded9bf868b...b1.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/03/2024, 09:39

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ded9bf868b31a00bb658b44aa70e15b1.exe

  • Size

    13KB

  • MD5

    ded9bf868b31a00bb658b44aa70e15b1

  • SHA1

    a60be4ad196224715219e8d7ff747102b441bed0

  • SHA256

    27328041bb85b2e5b2a48743d362663d4907e3a07e7b7a2f3cc72e8a8cfab462

  • SHA512

    3f2cfc914f5b7abe2529c35e071da3802d932cbd8289ac298162e8993bfae2dd5640a30ea48245335aba7c1358485aa80100c4bc974e28374f27300648af3cf1

  • SSDEEP

    384:Im/3/+W1Y3/P9ixhLcftAmhux4pxOjgAzCEY:Im3FYvPy+H

Score
8/10
persistenceupx

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ded9bf868b31a00bb658b44aa70e15b1.exe
    "C:\Users\Admin\AppData\Local\Temp\ded9bf868b31a00bb658b44aa70e15b1.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3480
    • C:\Windows\SysWOW64\docyanxk.exe
      C:\Windows\system32\docyanxk.exe ˜‰
      2⤵
      • Executes dropped EXE
      PID:4672
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ded9bf868b31a00bb658b44aa70e15b1.exe.bat
      2⤵
        PID:3696

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\ded9bf868b31a00bb658b44aa70e15b1.exe.bat
            Filesize

            182B

            MD5

            ba16851c2a3f0ae0e3dc4ac6b8b68954

            SHA1

            dd6edc79ff6ef72bc26eca69da3ee079dca91b2e

            SHA256

            4934398aa4af37d0fc3edd3cab4cd99e642d90833325da50777b8163e1c145c9

            SHA512

            5ca87a197cf850d7d9a50d087543b5f5b3e4dbc7c93d285beebca8f6162216fe5e57717782b24bbc6bfc96bd417f032392870b42fece007c6ecee570c62aa81c

            Download Submit

          • C:\Windows\SysWOW64\docyanxk.exe
            Filesize

            13KB

            MD5

            ded9bf868b31a00bb658b44aa70e15b1

            SHA1

            a60be4ad196224715219e8d7ff747102b441bed0

            SHA256

            27328041bb85b2e5b2a48743d362663d4907e3a07e7b7a2f3cc72e8a8cfab462

            SHA512

            3f2cfc914f5b7abe2529c35e071da3802d932cbd8289ac298162e8993bfae2dd5640a30ea48245335aba7c1358485aa80100c4bc974e28374f27300648af3cf1

            Download Submit

          • memory/3480-0-0x0000000000400000-0x0000000000410000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3480-8-0x0000000000400000-0x0000000000410000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4672-10-0x0000000000400000-0x0000000000410000-memory.dmp

            Filesize

            64KB

            Download