Overview

overview

10

Static

static

3

9d3c881c29...9d.exe

windows7-x64

8

9d3c881c29...9d.exe

windows10-1703-x64

7

9d3c881c29...9d.exe

windows10-2004-x64

10

9d3c881c29...9d.exe

windows11-21h2-x64

7

Resubmissions

09-04-2024 13:04

240409-qbet6aff89 10

09-04-2024 13:04

240409-qbd8maff88 8

09-04-2024 13:04

240409-qbdl4aah8z 10

09-04-2024 13:04

240409-qbdbbsff87 7

Analysis

  • max time kernel
    694s
  • max time network
    1197s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    09-04-2024 13:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d.exe

  • Size

    1.9MB

  • MD5

    57c833bfd5042e34bec23dfd711cd151

  • SHA1

    6bcd1915173d57d369e209943be31eebebdd535a

  • SHA256

    9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d

  • SHA512

    3c14531cd81ac2276cac72da573cb5f452c53b96175acca025a8e30251c487fcd382a8bc25a5241e6700832dbb760313bf9e51ffa0fcd480d5ddc6662cbc02e1

  • SSDEEP

    49152:JpOMJqAtfj8YFWZUQUqxbhS+oWOKl9BoKzLPGz+fATq:BJqaj8S8zUqx0xW1KKzLP8w

Score
7/10
discoverypersistenceupx

Malware Config

Signatures

  • UPX packed file 53 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d.exe
    "C:\Users\Admin\AppData\Local\Temp\9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3604
    • C:\Users\Admin\AppData\Local\Temp\9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d.exe
      "C:\Users\Admin\AppData\Local\Temp\9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d.exe"
      2⤵
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      PID:988

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Network Service Discovery

1
T1046

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
    Filesize

    2.6MB

    MD5

    cc74fe855429ddc5afd0492c81a99ed3

    SHA1

    9f01e7f41fe661b9d0ea01b5618d3ca142e0e9c8

    SHA256

    d4244a317932d44c7cdc64bf716a1452c61bfafd28b8ab0fa85fb785725e8dbc

    SHA512

    4a11e0b81b9714e42841ff7744a1baedc8396589cd275ce0627502c5e9582ecdb279602325c01a07616d5d1e4c635ae9aa12353e3273c310e735c480a3f9c442

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
    Filesize

    9.6MB

    MD5

    58ca5f5f4053721aca2ff4865fbc780c

    SHA1

    8667cd158ba25279c615544e48a5b6e0dd82b9ca

    SHA256

    9b5493d3b300324f5c0bb425a9ba75b76ae3887dc46626c36413ae833b374ca8

    SHA512

    50ffdc337e959bee703a15524b9ffc52ec63ac4986ccdc8ed725b7aa35f6ea97ad4ff8cbc341011e2f88f5502ed23400f0feac26085a56b4b0e7f5dc96bb9727

    Download Submit
  • memory/988-1-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-4-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-2-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-6-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-7-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-8-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-22-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-32-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-33-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-34-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-38-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-39-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-42-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-43-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-44-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-49-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-53-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-57-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-58-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-62-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-63-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-64-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-65-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-69-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-68-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-66-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-71-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-75-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-83-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-89-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-98-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-100-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-99-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-107-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-102-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-90-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-88-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-96-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-85-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-82-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-87-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-86-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-76-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-80-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-79-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-78-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-77-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-70-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-73-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-72-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-108-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-103-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/988-101-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3604-3-0x0000000002610000-0x00000000027CC000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/3604-5-0x00000000027D0000-0x0000000002987000-memory.dmp
    Filesize

    1.7MB

    Download