Overview

overview

7

Static

static

3

f1e87674c6...7b.exe

windows10-2004-x64

7

f1e87674c6...7b.exe

windows7-x64

7

f1e87674c6...7b.exe

windows10-1703-x64

7

f1e87674c6...7b.exe

windows10-2004-x64

7

f1e87674c6...7b.exe

windows11-21h2-x64

7

Resubmissions

07-05-2024 12:36

240507-pta39afh8x 10

07-05-2024 12:36

240507-ps89nafh8t 10

07-05-2024 12:36

240507-ps7qtsae72 10

07-05-2024 12:36

240507-ps65asfh7y 10

07-05-2024 12:36

240507-ps4deafh7w 8

25-04-2024 13:15

240425-qg8z7abb48 7

Analysis

  • max time kernel
    118s
  • max time network
    301s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags

    arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    25-04-2024 13:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b.exe

  • Size

    1.8MB

  • MD5

    74f0926d93b595bb0a97d12fcced1f0e

  • SHA1

    057b3c704de258d5b858afc884495405af2c7426

  • SHA256

    f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b

  • SHA512

    08f4b6a7ce8104180e538c2999115bc6cba33f3a66564db1b8369100bdbb540296207233cd25441c97f5ada1f4711c7ad4f12b18cc843ce0e9f719852444622a

  • SSDEEP

    49152:VFqIJny8yP43p0p3PvdvN71jdII5rYjsAIGi:VFqmnbc45YVN71y1AGi

Score
7/10
persistenceupx

Malware Config

Signatures

  • UPX packed file 55 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b.exe
    "C:\Users\Admin\AppData\Local\Temp\f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3856
    • C:\Users\Admin\AppData\Local\Temp\f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b.exe
      "C:\Users\Admin\AppData\Local\Temp\f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b.exe"
      2⤵
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      PID:3980

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus
    Filesize

    2.5MB

    MD5

    2980d648c78c4022d9424561f0995f00

    SHA1

    88b745a69b46a1a67cf43e759fbfe510af85dec5

    SHA256

    a69c5e427c091b1b429339c58b4ddb78c917cc719dc0401dd45361d716d1e29b

    SHA512

    1eec6a28547d1adf4564646dca7a19d8b6a503c0506f015b53a640a6edf17b12290ee128b60072cf0d86cd20c16798e724746a1771432b20255b9e3ad05c2e6b

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
    Filesize

    11.8MB

    MD5

    ae5c8d4fbcf1ddf307ffdcd83d5351f9

    SHA1

    bb95116a4dbd58bfdd347f47b76d34d42eb48df5

    SHA256

    ebddc83b61b3f3491cac510fa5f0199f944575314405be71847ee6457722e25d

    SHA512

    04e69331eb0b7cd9a3e157c3857e60c9e215b3ba7459a5042eb5e7703d41ec826db9610bb2a3e3c857a70e1338796b94ab6f0587f394186f425cd9a02e7f9c10

    Download Submit
  • memory/3856-2-0x0000000005030000-0x00000000051E7000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/3856-1-0x0000000004E60000-0x0000000005028000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/3980-72-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-71-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-8-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-9-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-14-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-15-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-16-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-6-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-25-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-27-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-5-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-36-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-45-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-53-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-54-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-55-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-56-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-57-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-61-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-62-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-60-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-59-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-84-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-67-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-3-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-87-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-63-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-7-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-100-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-103-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-101-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-92-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-98-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-97-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-96-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-95-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-93-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-105-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-90-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-78-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-91-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-81-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-85-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-79-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-77-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-83-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-82-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-73-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-76-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-70-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-69-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-66-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-106-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-65-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/3980-64-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download