Overview

overview

7

Static

static

3

9d3c881c29...9d.exe

windows7-x64

7

9d3c881c29...9d.exe

windows10-1703-x64

7

9d3c881c29...9d.exe

windows10-2004-x64

7

9d3c881c29...9d.exe

windows11-21h2-x64

7

Resubmissions

09-04-2024 13:04

240409-qbet6aff89 10

09-04-2024 13:04

240409-qbd8maff88 8

09-04-2024 13:04

240409-qbdl4aah8z 10

09-04-2024 13:04

240409-qbdbbsff87 7

Analysis

  • max time kernel
    99s
  • max time network
    268s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09-04-2024 13:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d.exe

  • Size

    1.9MB

  • MD5

    57c833bfd5042e34bec23dfd711cd151

  • SHA1

    6bcd1915173d57d369e209943be31eebebdd535a

  • SHA256

    9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d

  • SHA512

    3c14531cd81ac2276cac72da573cb5f452c53b96175acca025a8e30251c487fcd382a8bc25a5241e6700832dbb760313bf9e51ffa0fcd480d5ddc6662cbc02e1

  • SSDEEP

    49152:JpOMJqAtfj8YFWZUQUqxbhS+oWOKl9BoKzLPGz+fATq:BJqaj8S8zUqx0xW1KKzLP8w

Score
7/10
persistenceupx

Malware Config

Signatures

  • UPX packed file 48 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d.exe
    "C:\Users\Admin\AppData\Local\Temp\9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2280
    • C:\Users\Admin\AppData\Local\Temp\9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d.exe
      "C:\Users\Admin\AppData\Local\Temp\9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d.exe"
      2⤵
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      PID:2356

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
    Filesize

    2.6MB

    MD5

    cc74fe855429ddc5afd0492c81a99ed3

    SHA1

    9f01e7f41fe661b9d0ea01b5618d3ca142e0e9c8

    SHA256

    d4244a317932d44c7cdc64bf716a1452c61bfafd28b8ab0fa85fb785725e8dbc

    SHA512

    4a11e0b81b9714e42841ff7744a1baedc8396589cd275ce0627502c5e9582ecdb279602325c01a07616d5d1e4c635ae9aa12353e3273c310e735c480a3f9c442

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
    Filesize

    14.2MB

    MD5

    c6be076ff3fb595e0854aa5045f3163d

    SHA1

    bdfb39a272572af81d1899eb4deef394e3786fbb

    SHA256

    015ca0389a985f5c6977433b15c53abe9f93e82c84c3b0dbf621c72b15cf6a31

    SHA512

    b2003c15a29954678505f354c8b44018fe552c2304b33bc88d56534b3a3796b95476f1902dce0bce638e16360b73f668c08f6d6d1c7809210cf6dc21dcbceda6

    Download Submit
  • memory/2280-2-0x0000000002170000-0x0000000002328000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/2280-4-0x0000000002330000-0x00000000024E7000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/2280-0-0x0000000002170000-0x0000000002328000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/2356-71-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-17-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-9-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-10-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-11-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-16-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-92-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-18-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-6-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-28-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-1-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2356-99-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-46-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-52-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-53-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-54-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-58-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-62-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-63-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-64-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-85-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-5-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-76-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-81-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-67-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-8-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-39-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-108-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-107-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-106-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-105-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-103-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-102-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-101-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-98-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-96-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-93-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-90-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-89-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-87-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-84-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-83-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-80-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-78-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-77-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-75-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-72-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-70-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/2356-69-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download