Overview

overview

7

Static

static

7

Injector.exe

windows7-x64

7

Injector.exe

windows10-2004-x64

7

Resubmissions

Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/03/2024, 18:31

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Injector.exe

  • Size

    461KB

  • MD5

    74e9c2da84432615f4562f724c8b792a

  • SHA1

    f10ba74f0a8bdb74335a94ee377979a6b6204c84

  • SHA256

    95b45baa28467be3ca303f48f696990d3491aa9d24ee888d221d5170f7bf5a23

  • SHA512

    12990370f2ae48b2a3e6ad624704b3feffb7c71e44f08037e84f8ce1e75b0faf8a46facd90c4aa5ee576c063dbbbe1e39e8ad36fcd783741dc2f84fa52c39d33

  • SSDEEP

    12288:wu/osQMgL96w0SVvV6fcaubLH31O2lxvdJGtKcctrJnSvLhTt:wur9gkEPGcHHX1OSr/cYtns

Score
7/10
persistenceupx

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 19 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • AutoIT Executable 16 IoCs

    AutoIT scripts compiled to PE executables.

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Runs regedit.exe 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Injector.exe
    "C:\Users\Admin\AppData\Local\Temp\Injector.exe"
    1⤵
    • Drops startup file
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1620
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c timeout 1 & del /F "C:\Users\Admin\AppData\Local\Temp\Injector.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:676
      • C:\Windows\SysWOW64\timeout.exe
        timeout 1
        3⤵
        • Delays execution with timeout.exe
        PID:4820
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Roaming\regedit.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:544
      • C:\Users\Admin\AppData\Roaming\regedit.exe
        C:\Users\Admin\AppData\Roaming\regedit.exe
        3⤵
        • Executes dropped EXE
        • Runs regedit.exe
        • Suspicious use of WriteProcessMemory
        PID:208
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c "C:\Users\Admin\AppData\Local\Temp\5870.tmp.bat"
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:864
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -Command Set-MpPreference -DisableRealtimeMonitoring $true
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:3520
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -Command Add-MpPreference -ExclusionExtension "@AppDataDir\regedit.exe"
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:2200
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -Command Add-MpPreference -ExclusionPath ΓÇ£C:\Users\AdminΓÇ¥
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:4576

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
          Filesize

          2KB

          MD5

          968cb9309758126772781b83adb8a28f

          SHA1

          8da30e71accf186b2ba11da1797cf67f8f78b47c

          SHA256

          92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a

          SHA512

          4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
          Filesize

          18KB

          MD5

          668e034b9b464ad3fdf096eb770947b2

          SHA1

          b6f838153e3ed5377d0e718aac715044818cd62e

          SHA256

          3d4f894ee61ff3ddf0a0a9ceeef0f0828b970fec06db73992f4992091cda0395

          SHA512

          9f783802cde97601fe7a800c4d20af4d4774d164ba615a4d563ba0e230e4677fff875a55eeabf028298514ba6411a0af116d592c68cfa2385d97ba09fc88d838

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
          Filesize

          18KB

          MD5

          c72178a395dd1e615f73a0a3309ec977

          SHA1

          c09fc1ff5623b9ebd2161423a8aaba68aca82be0

          SHA256

          cb84abaee0060a40225b91480ff2f1e50009423c2e97250d043796d8ed00aeba

          SHA512

          8753aa7b88653d12c8a9ea1ae7def44d00e3ff271a72a58016dc9296911bc67ef4339c5f2493d95d602f4e66adcfcf95c32dcf58cc9848c70ca9b9d82016124d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\5870.tmp.bat
          Filesize

          226B

          MD5

          fc2b98850fc0567fbe78cd14800b3f5e

          SHA1

          f8aa83d04ec8d7a64235d37e2be816ac9d78bc9b

          SHA256

          9d1a37cc58a2234ed3ded8b862979f95f2c2526283bc97c25fa92c2cc3e74762

          SHA512

          00d563ecb25d31a45403c4c2bc6f2803d13d494aa070644f6daa844b8600697cc34e79492136e5061518b34b10a3b998a99e0a3036e78b9d86d28e95ee4c69aa

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nvcexn4h.po2.ps1
          Filesize

          60B

          MD5

          d17fe0a3f47be24a6453e9ef58c94641

          SHA1

          6ab83620379fc69f80c0242105ddffd7d98d5d9d

          SHA256

          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

          SHA512

          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

          Download Submit

        • C:\Users\Admin\AppData\Roaming\regedit.exe
          Filesize

          461KB

          MD5

          74e9c2da84432615f4562f724c8b792a

          SHA1

          f10ba74f0a8bdb74335a94ee377979a6b6204c84

          SHA256

          95b45baa28467be3ca303f48f696990d3491aa9d24ee888d221d5170f7bf5a23

          SHA512

          12990370f2ae48b2a3e6ad624704b3feffb7c71e44f08037e84f8ce1e75b0faf8a46facd90c4aa5ee576c063dbbbe1e39e8ad36fcd783741dc2f84fa52c39d33

          Download Submit

        • memory/208-121-0x0000000000C20000-0x0000000000D1A000-memory.dmp

          Filesize

          1000KB

          Download

        • memory/208-119-0x0000000000C20000-0x0000000000D1A000-memory.dmp

          Filesize

          1000KB

          Download

        • memory/208-128-0x0000000000C20000-0x0000000000D1A000-memory.dmp

          Filesize

          1000KB

          Download

        • memory/208-127-0x0000000000C20000-0x0000000000D1A000-memory.dmp

          Filesize

          1000KB

          Download

        • memory/208-126-0x0000000000C20000-0x0000000000D1A000-memory.dmp

          Filesize

          1000KB

          Download

        • memory/208-125-0x0000000000C20000-0x0000000000D1A000-memory.dmp

          Filesize

          1000KB

          Download

        • memory/208-124-0x0000000000C20000-0x0000000000D1A000-memory.dmp

          Filesize

          1000KB

          Download

        • memory/208-130-0x0000000000C20000-0x0000000000D1A000-memory.dmp

          Filesize

          1000KB

          Download

        • memory/208-123-0x0000000000C20000-0x0000000000D1A000-memory.dmp

          Filesize

          1000KB

          Download

        • memory/208-122-0x0000000000C20000-0x0000000000D1A000-memory.dmp

          Filesize

          1000KB

          Download

        • memory/208-131-0x0000000000C20000-0x0000000000D1A000-memory.dmp

          Filesize

          1000KB

          Download

        • memory/208-6-0x0000000000C20000-0x0000000000D1A000-memory.dmp

          Filesize

          1000KB

          Download

        • memory/208-120-0x0000000000C20000-0x0000000000D1A000-memory.dmp

          Filesize

          1000KB

          Download

        • memory/208-129-0x0000000000C20000-0x0000000000D1A000-memory.dmp

          Filesize

          1000KB

          Download

        • memory/208-118-0x0000000000C20000-0x0000000000D1A000-memory.dmp

          Filesize

          1000KB

          Download

        • memory/208-102-0x0000000000C20000-0x0000000000D1A000-memory.dmp

          Filesize

          1000KB

          Download

        • memory/1620-0-0x0000000000590000-0x000000000068A000-memory.dmp

          Filesize

          1000KB

          Download

        • memory/1620-3-0x0000000000590000-0x000000000068A000-memory.dmp

          Filesize

          1000KB

          Download

        • memory/2200-88-0x00000000741D0000-0x0000000074980000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/2200-86-0x0000000007BC0000-0x0000000007BD4000-memory.dmp

          Filesize

          80KB

          Download

        • memory/2200-84-0x0000000005170000-0x0000000005180000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2200-85-0x0000000005170000-0x0000000005180000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2200-73-0x000000007F5F0000-0x000000007F600000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2200-74-0x0000000070630000-0x000000007067C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/2200-64-0x0000000005F50000-0x00000000062A4000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/2200-60-0x0000000005170000-0x0000000005180000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2200-61-0x0000000005170000-0x0000000005180000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2200-59-0x00000000741D0000-0x0000000074980000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/3520-30-0x000000007F140000-0x000000007F150000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3520-29-0x0000000005F70000-0x0000000005FBC000-memory.dmp

          Filesize

          304KB

          Download

        • memory/3520-52-0x00000000074A0000-0x00000000074B4000-memory.dmp

          Filesize

          80KB

          Download

        • memory/3520-53-0x00000000075A0000-0x00000000075BA000-memory.dmp

          Filesize

          104KB

          Download

        • memory/3520-54-0x0000000007580000-0x0000000007588000-memory.dmp

          Filesize

          32KB

          Download

        • memory/3520-51-0x0000000007490000-0x000000000749E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/3520-50-0x0000000007460000-0x0000000007471000-memory.dmp

          Filesize

          68KB

          Download

        • memory/3520-49-0x00000000074E0000-0x0000000007576000-memory.dmp

          Filesize

          600KB

          Download

        • memory/3520-48-0x00000000072D0000-0x00000000072DA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/3520-46-0x00000000078A0000-0x0000000007F1A000-memory.dmp

          Filesize

          6.5MB

          Download

        • memory/3520-47-0x0000000007260000-0x000000000727A000-memory.dmp

          Filesize

          104KB

          Download

        • memory/3520-45-0x0000000007120000-0x00000000071C3000-memory.dmp

          Filesize

          652KB

          Download

        • memory/3520-11-0x00000000741D0000-0x0000000074980000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/3520-12-0x0000000002A70000-0x0000000002A80000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3520-10-0x0000000002930000-0x0000000002966000-memory.dmp

          Filesize

          216KB

          Download

        • memory/3520-31-0x0000000006500000-0x0000000006532000-memory.dmp

          Filesize

          200KB

          Download

        • memory/3520-43-0x0000000002A70000-0x0000000002A80000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3520-13-0x0000000002A70000-0x0000000002A80000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3520-14-0x00000000051C0000-0x00000000057E8000-memory.dmp

          Filesize

          6.2MB

          Download

        • memory/3520-15-0x0000000004F90000-0x0000000004FB2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/3520-16-0x0000000005860000-0x00000000058C6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/3520-17-0x0000000005940000-0x00000000059A6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/3520-44-0x0000000002A70000-0x0000000002A80000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3520-42-0x00000000070F0000-0x000000000710E000-memory.dmp

          Filesize

          120KB

          Download

        • memory/3520-32-0x0000000070630000-0x000000007067C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/3520-57-0x00000000741D0000-0x0000000074980000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/3520-28-0x0000000005F20000-0x0000000005F3E000-memory.dmp

          Filesize

          120KB

          Download

        • memory/3520-27-0x0000000005AB0000-0x0000000005E04000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/4576-117-0x00000000741D0000-0x0000000074980000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/4576-103-0x000000007F7E0000-0x000000007F7F0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4576-114-0x00000000023F0000-0x0000000002400000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4576-115-0x00000000023F0000-0x0000000002400000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4576-104-0x0000000070630000-0x000000007067C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/4576-100-0x0000000005640000-0x0000000005994000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/4576-89-0x00000000741D0000-0x0000000074980000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/4576-90-0x00000000023F0000-0x0000000002400000-memory.dmp

          Filesize

          64KB

          Download