Overview

overview

7

Static

static

3

9d3c881c29...9d.exe

windows7-x64

7

9d3c881c29...9d.exe

windows10-1703-x64

7

9d3c881c29...9d.exe

windows10-2004-x64

7

9d3c881c29...9d.exe

windows11-21h2-x64

7

Resubmissions

09-04-2024 13:04

240409-qbet6aff89 10

09-04-2024 13:04

240409-qbd8maff88 8

09-04-2024 13:04

240409-qbdl4aah8z 10

09-04-2024 13:04

240409-qbdbbsff87 7

Analysis

  • max time kernel
    110s
  • max time network
    309s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-04-2024 13:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d.exe

  • Size

    1.9MB

  • MD5

    57c833bfd5042e34bec23dfd711cd151

  • SHA1

    6bcd1915173d57d369e209943be31eebebdd535a

  • SHA256

    9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d

  • SHA512

    3c14531cd81ac2276cac72da573cb5f452c53b96175acca025a8e30251c487fcd382a8bc25a5241e6700832dbb760313bf9e51ffa0fcd480d5ddc6662cbc02e1

  • SSDEEP

    49152:JpOMJqAtfj8YFWZUQUqxbhS+oWOKl9BoKzLPGz+fATq:BJqaj8S8zUqx0xW1KKzLP8w

Score
7/10
persistenceupx

Malware Config

Signatures

  • UPX packed file 58 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d.exe
    "C:\Users\Admin\AppData\Local\Temp\9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4688
    • C:\Users\Admin\AppData\Local\Temp\9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d.exe
      "C:\Users\Admin\AppData\Local\Temp\9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d.exe"
      2⤵
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      PID:2052
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4072 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4856

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Boot or Logon Autostart Execution

    1
    T1547

    Registry Run Keys / Startup Folder

    1
    T1547.001

    Privilege Escalation

    Boot or Logon Autostart Execution

    1
    T1547

    Registry Run Keys / Startup Folder

    1
    T1547.001

    Defense Evasion

    Modify Registry

    1
    T1112

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
      Filesize

      2.6MB

      MD5

      cc74fe855429ddc5afd0492c81a99ed3

      SHA1

      9f01e7f41fe661b9d0ea01b5618d3ca142e0e9c8

      SHA256

      d4244a317932d44c7cdc64bf716a1452c61bfafd28b8ab0fa85fb785725e8dbc

      SHA512

      4a11e0b81b9714e42841ff7744a1baedc8396589cd275ce0627502c5e9582ecdb279602325c01a07616d5d1e4c635ae9aa12353e3273c310e735c480a3f9c442

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
      Filesize

      11.1MB

      MD5

      7f12f7b6257cfc54da791855a979b015

      SHA1

      f851cf455e6ceccfca9fe953b2724a1bce41bb79

      SHA256

      834a27359126d6bbd00bc6e912805981e901922a935b9f9ef5e17f7120f05888

      SHA512

      ba40ac9bc258a25fd3864b1782efce0f8af1e9a5e532ea8f424097882b5ac76e230dbcbd281898753541f409772505b548f431e8c7daafc5a9e3f455d06bdb8d

      Download Submit
    • memory/2052-4-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-3-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-5-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-6-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-7-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-8-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-13-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-25-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-32-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-33-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-34-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-35-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-40-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-48-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-51-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-52-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-53-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-54-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-56-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-58-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-61-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-57-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-67-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-66-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-70-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-60-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-69-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-62-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-75-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-85-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-96-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-107-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-105-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-100-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-98-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-94-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-93-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-103-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-102-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-101-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-92-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-91-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-90-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-95-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-81-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-80-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-89-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-78-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-87-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-86-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-77-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-76-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-83-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-79-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-74-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-73-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-68-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/2052-72-0x0000000000400000-0x0000000000848000-memory.dmp
      Filesize

      4.3MB

      Download
    • memory/4688-1-0x0000000002820000-0x00000000029E8000-memory.dmp
      Filesize

      1.8MB

      Download
    • memory/4688-2-0x00000000029F0000-0x0000000002BA7000-memory.dmp
      Filesize

      1.7MB

      Download