Overview

overview

8

Static

static

3

9d3c881c29...9d.exe

windows7-x64

7

9d3c881c29...9d.exe

windows10-1703-x64

7

9d3c881c29...9d.exe

windows10-2004-x64

8

9d3c881c29...9d.exe

windows11-21h2-x64

7

Resubmissions

09-04-2024 13:04

240409-qbet6aff89 10

09-04-2024 13:04

240409-qbd8maff88 8

09-04-2024 13:04

240409-qbdl4aah8z 10

09-04-2024 13:04

240409-qbdbbsff87 7

Analysis

  • max time kernel
    1195s
  • max time network
    1205s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    09-04-2024 13:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d.exe

  • Size

    1.9MB

  • MD5

    57c833bfd5042e34bec23dfd711cd151

  • SHA1

    6bcd1915173d57d369e209943be31eebebdd535a

  • SHA256

    9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d

  • SHA512

    3c14531cd81ac2276cac72da573cb5f452c53b96175acca025a8e30251c487fcd382a8bc25a5241e6700832dbb760313bf9e51ffa0fcd480d5ddc6662cbc02e1

  • SSDEEP

    49152:JpOMJqAtfj8YFWZUQUqxbhS+oWOKl9BoKzLPGz+fATq:BJqaj8S8zUqx0xW1KKzLP8w

Score
7/10
persistenceupx

Malware Config

Signatures

  • UPX packed file 55 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d.exe
    "C:\Users\Admin\AppData\Local\Temp\9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1344
    • C:\Users\Admin\AppData\Local\Temp\9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d.exe
      "C:\Users\Admin\AppData\Local\Temp\9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d.exe"
      2⤵
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      PID:4412
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 23080
        3⤵
        • Program crash
        PID:10112

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
    Filesize

    2.6MB

    MD5

    cc74fe855429ddc5afd0492c81a99ed3

    SHA1

    9f01e7f41fe661b9d0ea01b5618d3ca142e0e9c8

    SHA256

    d4244a317932d44c7cdc64bf716a1452c61bfafd28b8ab0fa85fb785725e8dbc

    SHA512

    4a11e0b81b9714e42841ff7744a1baedc8396589cd275ce0627502c5e9582ecdb279602325c01a07616d5d1e4c635ae9aa12353e3273c310e735c480a3f9c442

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
    Filesize

    9.9MB

    MD5

    cf18c66d65b5b1c854e396d8d7098e64

    SHA1

    eb0a31347cedc46ab095d9319517e4aafe1154ee

    SHA256

    676125c541a610462e64b74c92e9fc575d8c932b68467b9e8d480d860da7eefc

    SHA512

    d6e8ac6378b9f907dc318f1aadd7ef86be6a905b4b919b588d4c7ac06c575fefe58b10f2b059f536948c2b871951593de4ff1bb668ba74d9b9d99183583e5301

    Download Submit
  • memory/1344-1-0x0000000002640000-0x0000000002805000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/1344-2-0x0000000002810000-0x00000000029C7000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/4412-3-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-5-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-6-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-7-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-8-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-9-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-14-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-15-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-22-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-39-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-47-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-48-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-49-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-52-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-56-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-57-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-58-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-62-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-63-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-64-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-68-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-72-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-73-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-74-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-75-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-76-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-77-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-79-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-80-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-78-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-87-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-86-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-93-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-109-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-108-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-116-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-113-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-111-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-110-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-106-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-105-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-104-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-101-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-100-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-99-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-97-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-96-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-94-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-92-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-91-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-90-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-88-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-83-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-82-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4412-84-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download