Overview

overview

10

Static

static

3

67d39d9194...12.exe

windows7-x64

8

67d39d9194...12.exe

windows10-1703-x64

10

67d39d9194...12.exe

windows10-2004-x64

7

67d39d9194...12.exe

windows11-21h2-x64

8

Resubmissions

12-04-2024 13:28

240412-qq3vjadh2z 10

12-04-2024 13:27

240412-qqg8tsag65 10

12-04-2024 13:27

240412-qqgmasag64 10

12-04-2024 13:27

240412-qqgbjaag62 8

12-04-2024 13:27

240412-qqdkmsdg9z 10

09-04-2024 04:02

240409-el73xahe9s 10

09-04-2024 04:01

240409-elk85she71 10

09-04-2024 04:01

240409-eldjasea62 10

09-04-2024 04:01

240409-ek8m2she6w 10

14-01-2024 01:31

240114-bxveeaaeh9 7

Analysis

  • max time kernel
    571s
  • max time network
    1200s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240214-en
  • resource tags

    arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    09-04-2024 04:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    67d39d9194a79f2f1aa0585b8cbc3a38a651964d72469e27692a62038ae3b412.exe

  • Size

    1.9MB

  • MD5

    456dad1f25fefa40f70c152a706316bc

  • SHA1

    c741c8e32f1510c175c6d518401f3cf4d4f6d8da

  • SHA256

    67d39d9194a79f2f1aa0585b8cbc3a38a651964d72469e27692a62038ae3b412

  • SHA512

    e51d7f476d0b92cef1d2bc012f9436aead835642381241ba6d2dd149251a3ccc09b28e0be160e1e8f62aa6da79b935a6016700e31605895042c1fe61b4ca876f

  • SSDEEP

    49152:F/MBkUJZCcifDFu/6nEkqg1kka+dW0hWk9NQXNF+9uop3biUIgYcoP:FEBkmZofDFu/6nR6SW+woVBlR

Score
8/10
discoverypersistenceupx

Malware Config

Signatures

  • Contacts a large (844) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • UPX packed file 53 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 43 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\67d39d9194a79f2f1aa0585b8cbc3a38a651964d72469e27692a62038ae3b412.exe
    "C:\Users\Admin\AppData\Local\Temp\67d39d9194a79f2f1aa0585b8cbc3a38a651964d72469e27692a62038ae3b412.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1572
    • C:\Users\Admin\AppData\Local\Temp\67d39d9194a79f2f1aa0585b8cbc3a38a651964d72469e27692a62038ae3b412.exe
      "C:\Users\Admin\AppData\Local\Temp\67d39d9194a79f2f1aa0585b8cbc3a38a651964d72469e27692a62038ae3b412.exe"
      2⤵
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      PID:1032

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus
    Filesize

    2.6MB

    MD5

    a7322c0ba805744c82137309ef062277

    SHA1

    a7e721160f91611ab399948951a5a5d514fde409

    SHA256

    c89a350f2a67be2729932bd4216a02d6b6217704c84a283e07012d442f6ccce5

    SHA512

    d087fe0866f89235d193a5e1de751b3b7601c53b92ecbd092a5ee238b191254130c8a61b48796e4de2f42d77644238e7613f1aa9be8435ffee023c9baeb4c7c5

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
    Filesize

    6.3MB

    MD5

    da65929fd71e8d19e6b222335e9bab7c

    SHA1

    c4f28e8c5224d06ccc7b9eb541c13fc91989840d

    SHA256

    f576bf0826c15d0541aecce674636b61b611c0f2cf3c7207237902eb1c2526d2

    SHA512

    6d02bd68cdd073cb2f69f50df5fd73a4f9f0b35f3e23e2c34e241881b45a3e2fe189982d7fadcb1698a767a6f2adb6b76c19c7731206c741c3708a5909acf6e4

    Download Submit
  • memory/1032-3-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-4-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-5-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-6-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-7-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-8-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-21-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-27-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-28-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-31-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-32-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-36-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-37-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-40-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-41-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-42-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-43-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-44-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-45-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-46-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-47-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-48-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-51-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-60-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-61-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-65-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-69-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-70-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-71-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-72-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-76-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-77-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-78-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-80-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-81-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-83-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-85-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-86-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-89-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-94-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-95-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-98-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-92-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-91-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-90-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-88-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-99-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-102-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-103-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-109-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-105-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-112-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1032-101-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1572-1-0x0000000000B20000-0x0000000000CDB000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/1572-2-0x0000000002680000-0x0000000002837000-memory.dmp
    Filesize

    1.7MB

    Download