Analysis

  • max time kernel
    146s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    18-04-2024 20:23

General

  • Target

    31245909abe7e3eb85f7f068f60c0ac358ce0425f2869f54002360876a8432f1.exe

  • Size

    23KB

  • MD5

    22da8a202ad9749ac2c802fbd3cf486c

  • SHA1

    4cd89e7ea364c0d17ae9a7627b53167f807e4d0b

  • SHA256

    31245909abe7e3eb85f7f068f60c0ac358ce0425f2869f54002360876a8432f1

  • SHA512

    4360d0e7df1d9294afc89de36df043807a06bc96a9fbbf1e8dc03c4de44c8e67655bd6d2003b881c3c879452850735afbb9abad251926d5f0339440949fde5a4

  • SSDEEP

    384:6gvlQoGKdivmICib0666666666RJ70uIabjbt3TUAKoYQW9EsHyLcO:x2oGKdJ5i0uIaOUYP27

Score
9/10
upx

Malware Config

Signatures

  • UPX dump on OEP (original entry point) 4 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\31245909abe7e3eb85f7f068f60c0ac358ce0425f2869f54002360876a8432f1.exe
    "C:\Users\Admin\AppData\Local\Temp\31245909abe7e3eb85f7f068f60c0ac358ce0425f2869f54002360876a8432f1.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1876
    • C:\Users\Admin\AppData\Local\Temp\codecupdate.exe
      "C:\Users\Admin\AppData\Local\Temp\codecupdate.exe"
      2⤵
      • Executes dropped EXE
      • Modifies system certificate store
      PID:2988

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\codecupdate.exe

    Filesize

    23KB

    MD5

    26cc1ecda50b23ddeed1762c527806e6

    SHA1

    86ec11fa8007866bfe08f340bb9dbb9c3987b6b9

    SHA256

    74e14f31acd702f923c16cc170219b34ec96625f8a873f225073202ca210ba94

    SHA512

    e55a38b61166220ef25f1d667426c6fba9d6030f821b5cccab279657121e18c9faff12dcfa6ec74e31795568e5bd93f19fdf78dba8c4ee0acdd83dc140e2a238

  • memory/1876-0-0x0000000000500000-0x000000000050D000-memory.dmp

    Filesize

    52KB

  • memory/1876-2-0x0000000000500000-0x000000000050D000-memory.dmp

    Filesize

    52KB

  • memory/1876-9-0x0000000000610000-0x000000000061D000-memory.dmp

    Filesize

    52KB

  • memory/2988-11-0x0000000000500000-0x000000000050D000-memory.dmp

    Filesize

    52KB