Overview

overview

10

Static

static

10

aef3e9023c...5b.exe

windows7-x64

9

aef3e9023c...5b.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    17-04-2024 03:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aef3e9023c11e57a39dfa6ab7c7835b24ff190ccc0aab8dd8a020999d8d9dd5b.exe

  • Size

    651KB

  • MD5

    12b4937e62093e603ef3f056b87989bb

  • SHA1

    23e453eeb944b3a15dfb78a1cb81211c5458dff8

  • SHA256

    aef3e9023c11e57a39dfa6ab7c7835b24ff190ccc0aab8dd8a020999d8d9dd5b

  • SHA512

    417314ec0ad0741fa078004a6d61ec44796c835f665b55f3a38ab3740ca305f6c95287e8315316c9e669c01ea9238ab324611a7a75a6043443682bbcfe0f7af0

  • SSDEEP

    6144:0VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bco1KIE:0gDhdkq5BCoC5LfWSLTUQpr2Zu19QOE

Score
9/10
upx

Malware Config

Signatures

  • UPX dump on OEP (original entry point) 2 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • AutoIT Executable 2 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aef3e9023c11e57a39dfa6ab7c7835b24ff190ccc0aab8dd8a020999d8d9dd5b.exe
    "C:\Users\Admin\AppData\Local\Temp\aef3e9023c11e57a39dfa6ab7c7835b24ff190ccc0aab8dd8a020999d8d9dd5b.exe"
    1⤵
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2008

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2008-0-0x0000000000400000-0x00000000004A2000-memory.dmp

    Filesize

    648KB

    Download

  • memory/2008-3-0x0000000000400000-0x00000000004A2000-memory.dmp

    Filesize

    648KB

    Download