Overview

overview

10

Static

static

3

9bb0954a71...40.exe

windows7-x64

7

9bb0954a71...40.exe

windows7-x64

7

9bb0954a71...40.exe

windows10-1703-x64

8

9bb0954a71...40.exe

windows10-2004-x64

7

9bb0954a71...40.exe

windows11-21h2-x64

10

Resubmissions

26-04-2024 07:51

240426-jp4xwacb3v 10

26-04-2024 07:51

240426-jp4l4scb3t 10

26-04-2024 07:51

240426-jp31kscb53 8

26-04-2024 07:51

240426-jpwaqscb47 10

26-04-2024 07:51

240426-jpvn7scb2x 7

25-04-2024 12:59

240425-p8jzpsba43 10

Analysis

  • max time kernel
    296s
  • max time network
    1805s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-04-2024 07:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9bb0954a71edfd122a5e2b14850702a453fdbf5a632265337c0aee558bdd3e40.exe

  • Size

    1.9MB

  • MD5

    1457ef90efde49a7ee83080ce051d6f7

  • SHA1

    8ca6d983fe2997fa7009458383b84e0d1edeb279

  • SHA256

    9bb0954a71edfd122a5e2b14850702a453fdbf5a632265337c0aee558bdd3e40

  • SHA512

    582628e02510812e0ed06cc05a1bfb98e96f019935efb71d23dd94745a0c5db12771bf0c81579dd7ad4f44b90e7192b95d5d2ed4a6649adc00b486c28df643d0

  • SSDEEP

    49152:Vbe6aahW7iaBUHvG+vxz90ChL0WF+UIGDDS/NL:vaaA7iYb+dtQWFZvSR

Score
7/10
discoverypersistenceupx

Malware Config

Signatures

  • UPX packed file 54 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 37 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9bb0954a71edfd122a5e2b14850702a453fdbf5a632265337c0aee558bdd3e40.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb0954a71edfd122a5e2b14850702a453fdbf5a632265337c0aee558bdd3e40.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4904
    • C:\Users\Admin\AppData\Local\Temp\9bb0954a71edfd122a5e2b14850702a453fdbf5a632265337c0aee558bdd3e40.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb0954a71edfd122a5e2b14850702a453fdbf5a632265337c0aee558bdd3e40.exe"
      2⤵
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      PID:1924

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Network Service Discovery

1
T1046

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
    Filesize

    2.5MB

    MD5

    940b2445aec8067b3e55fd525cfc68f8

    SHA1

    dcd03811fbe29b63511458737570d61f0086dcba

    SHA256

    fa705ef3d922d181c9d84af2658788e69ea86c0d12f04602d12b29f10aa220b5

    SHA512

    c27cb8652324dfd4aef8522d5768bc2d54d84554e0f0f6dbe16b053224f8dedba772cc77c79cc8ff749fe2985639d691f8205953f4f080ce91a3cff9083b9aa2

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
    Filesize

    7.0MB

    MD5

    da7f6a6171873d204c66ab9dbf639a27

    SHA1

    deac8385f57fb9f15841faaf9834e4e3cec1ecbe

    SHA256

    5414b1d01714f2110c03bc17e287934df9e658c71a13dc639608da5ee293f344

    SHA512

    9721e444a81fa254942cd08cea1fafc3237d2b2f00e9704ae1d26b4bfddc83f25f6ccc4e531bafb4708a85183907dcacc2c6984d56698bf7e4e632a090a1556e

    Download Submit
  • memory/1924-3-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-5-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-6-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-7-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-8-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-9-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-22-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-23-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-24-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-25-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-26-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-28-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-33-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-36-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-37-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-38-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-43-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-44-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-50-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-61-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-62-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-63-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-67-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-68-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-72-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-75-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-74-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-77-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-80-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-79-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-76-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-73-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-71-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-69-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-90-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-83-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-89-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-82-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-85-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-99-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-87-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-95-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-94-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-93-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-91-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-98-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-96-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-104-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-103-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-105-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-100-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-107-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-101-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-110-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4904-1-0x0000000002800000-0x00000000029C6000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/4904-2-0x00000000029D0000-0x0000000002B87000-memory.dmp
    Filesize

    1.7MB

    Download