Overview

overview

10

Static

static

3

e6df60c235...ba.exe

windows10-1703-x64

10

e6df60c235...ba.exe

windows7-x64

7

e6df60c235...ba.exe

windows10-1703-x64

7

e6df60c235...ba.exe

windows10-2004-x64

10

e6df60c235...ba.exe

windows11-21h2-x64

7

Resubmissions

17/04/2024, 09:10

240417-k5ehlaaf46 10

17/04/2024, 09:10

240417-k5dw3acb9s 10

17/04/2024, 09:10

240417-k5dlasaf45 10

17/04/2024, 09:10

240417-k5czrsaf44 10

17/04/2024, 09:10

240417-k5cc8scb8z 10

16/04/2024, 14:05

240416-rebgksde3x 10

Analysis

  • max time kernel
    192s
  • max time network
    600s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags

    arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    17/04/2024, 09:10

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e6df60c235ce89a2d376b3708f8565e0c045020d08e0883ab726bebcd09086ba.exe

  • Size

    1.9MB

  • MD5

    7fd0e978ae68613a96a07194d82ff058

  • SHA1

    25347be4f94a784cb261229109261aba61853308

  • SHA256

    e6df60c235ce89a2d376b3708f8565e0c045020d08e0883ab726bebcd09086ba

  • SHA512

    d8e17eb7737eb4469e19442769c74a4f25d44c75e53c1ff9483b3e76cd93ebb0dc530b3c6e6eed6753186bdff2c1c7af3d170ac69d1a8ca21f949fcdda7daa5e

  • SSDEEP

    24576:8aptmBr8CsPIejX7NsxexfMOSUH2XydxRY18S55ysdCG7QQdhph8BwvyM86:JmBr8JPxDH2XydxRY/5bdN7QQ8BWyX6

Score
7/10
discoverypersistenceupx

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • UPX packed file 43 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 39 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e6df60c235ce89a2d376b3708f8565e0c045020d08e0883ab726bebcd09086ba.exe
    "C:\Users\Admin\AppData\Local\Temp\e6df60c235ce89a2d376b3708f8565e0c045020d08e0883ab726bebcd09086ba.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1408
    • C:\Windows\svchost.exe
      "C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\e6df60c235ce89a2d376b3708f8565e0c045020d08e0883ab726bebcd09086ba.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:5012
      • C:\Users\Admin\AppData\Local\Temp\e6df60c235ce89a2d376b3708f8565e0c045020d08e0883ab726bebcd09086ba.exe
        "C:\Users\Admin\AppData\Local\Temp\e6df60c235ce89a2d376b3708f8565e0c045020d08e0883ab726bebcd09086ba.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:2720
        • C:\Users\Admin\AppData\Local\Temp\e6df60c235ce89a2d376b3708f8565e0c045020d08e0883ab726bebcd09086ba.exe
          "C:\Users\Admin\AppData\Local\Temp\e6df60c235ce89a2d376b3708f8565e0c045020d08e0883ab726bebcd09086ba.exe"
          4⤵
          • Executes dropped EXE
          • Adds Run key to start application
          • Suspicious behavior: EnumeratesProcesses
          PID:2380
  • C:\Windows\svchost.exe
    C:\Windows\svchost.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:4408

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus
          Filesize

          2.6MB

          MD5

          436dd6d783d1a7df93340f95d7c87477

          SHA1

          a525248aca4453f479b86efe8baa4abbb932f7ee

          SHA256

          5704c943f7962001efb2a33a8b3e2f2413fd61589f2b628eaeb45a84e85fb702

          SHA512

          2fd4bd221e6c518b8eae2d00484bd6dee391d99e5acc9079247139493d08ebe6b01c07271cf223b4a78f7af1f42587dce78f08ce8d54515ffa2b8c709bc96658

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
          Filesize

          8.2MB

          MD5

          0cfe16e0e2670be663b235c7a2f7c9a9

          SHA1

          c900a772880ba2497b0a7ac3912836841449f8bf

          SHA256

          89f6d09e890d74c8ba1cf5b95016e117f95fc6a57eb1ee3b0f580e3a3a23d3ae

          SHA512

          924ab12cfc39dd9f8d1ffab2f8cdbc536a7d3178086133868f124aa4509a8c895271d1caae4b82346dfef60a22a355b1359d9b59953c8715e38d354643d8328f

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\e6df60c235ce89a2d376b3708f8565e0c045020d08e0883ab726bebcd09086ba.exe
          Filesize

          1.9MB

          MD5

          3b1eaf69697336c389c2f4b91c7782f4

          SHA1

          c7649995e194921ed2ba31e27afbbbeec7fe3fe0

          SHA256

          0899f861216a0a19c1d76624980ce1b1053b1ad3984b1a4d6e7eb0e95ace3c37

          SHA512

          a29a22bbb837e4ec24123b58efac03da7cfac7cd106d53c8a729fff8630149ae83f05dc961d864d850cc0dd4bf66a26155d904fd1f3858401d3134f130f1393e

          Download Submit

        • C:\Windows\svchost.exe
          Filesize

          35KB

          MD5

          9e3c13b6556d5636b745d3e466d47467

          SHA1

          2ac1c19e268c49bc508f83fe3d20f495deb3e538

          SHA256

          20af03add533a6870d524a7c4753b42bfceb56cddd46016c051e23581ba743f8

          SHA512

          5a07ba8a7fcb15f64b129fada2621252b8bc37eb34d4f614c075c064f8ac0d367301eba0c32c5e28b8aa633f6ab604f0dfcc363b34734ce0207ef0d4e8817c4b

          Download Submit

        • memory/1408-3-0x0000000000400000-0x0000000000414000-memory.dmp

          Filesize

          80KB

          Download

        • memory/2380-77-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-57-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-20-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-16-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-21-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-22-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-23-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-19-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-88-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-38-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-95-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-56-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-84-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-59-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-64-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-66-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-67-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-68-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-69-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-73-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-74-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-97-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-91-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-81-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-92-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-85-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-90-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-87-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-82-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-79-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-71-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-76-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-100-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-112-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-114-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-99-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-107-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-106-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-110-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-98-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-108-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-104-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2380-102-0x0000000000400000-0x0000000000848000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2720-17-0x0000000002AB0000-0x0000000002C67000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2720-15-0x00000000028E0000-0x0000000002AA1000-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/4408-37-0x0000000000400000-0x000000000040D000-memory.dmp

          Filesize

          52KB

          Download

        • memory/5012-10-0x0000000000400000-0x000000000040D000-memory.dmp

          Filesize

          52KB

          Download