Overview

overview

7

Static

static

7

Device/Har...a/.exe

windows7-x64

7

Device/Har...a/.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    29-04-2024 08:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Device/HarddiskVolume5/$RECYCLE.BIN/S-1-5-21-1159581898-2029943322-2268025737-1451/$R1V677Q/AppData/.exe

  • Size

    1.4MB

  • MD5

    5bafb8a5a86d8d60879ce568534fce46

  • SHA1

    ba887e2a8102aae1dd4301ca95452687ed4911a5

  • SHA256

    e55d01ba10f277a18cd705ce4b0e686bd95d990da859b3482266929838cc0b19

  • SHA512

    a4a603aa1a8656c459c4591c98de79f740f877edbab99de92495d20dd899cff07c6e8270ada5815f8ee7c1d7deeb2792f583674834932cc495b055d8ac3ae404

  • SSDEEP

    24576:4sbp71ajSyk8jQ/rGkG15Qy6VVLAKuA23IgJg15HIwJRqjcOfgbPZBsuJ1:7FZagT/qkI6VVEOz1tvRqjlfGha8

Score
7/10
evasionupx

Malware Config

Signatures

  • Identifies Wine through registry keys 2 TTPs 2 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • UPX packed file 15 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies registry class 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume5\$RECYCLE.BIN\S-1-5-21-1159581898-2029943322-2268025737-1451\$R1V677Q\AppData\.exe
    "C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume5\$RECYCLE.BIN\S-1-5-21-1159581898-2029943322-2268025737-1451\$R1V677Q\AppData\.exe"
    1⤵
    • Identifies Wine through registry keys
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:3000

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\utt257B.tmp.new
    Filesize

    2KB

    MD5

    0b7f403caf592d384063cf33f8eac14d

    SHA1

    41bcddb35a99451fe7fb3da6ad7a954a50810ee6

    SHA256

    2ac5616e4fd4f553c3e87932b40efe6c53b01d2a5037c513523f0d0005ad9457

    SHA512

    0bcc21d1a2dde58f013653b731370f60562ac42f19fb239fee7b807511ec10b4ea5276fbcbc25e78c8e08b948143fe4a578f329af7ce35e1cb590036d7b01f0f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\uTorrent\toolbar.benc.new
    Filesize

    36KB

    MD5

    f89e94cce6d065d5280ec3ba1caedca1

    SHA1

    1e6f3aef91ec46c723377e1d6212dc5538bab1ca

    SHA256

    6b19170e1dd285767d7a27ca75b360deb3ce50ed54c910635b2ac837c60ee2b2

    SHA512

    a1b70bf860d299c595eb20b5ab9ee6605df0c8acd16949cc64b8786115bcf35bf745ad118668fcba131d063e1174529797d10c655eee09d580c8c2b7af9e25a8

    Download Submit

  • memory/3000-51-0x0000000000400000-0x00000000007C4000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/3000-46-0x0000000000400000-0x00000000007C4000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/3000-47-0x0000000000400000-0x00000000007C4000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/3000-48-0x0000000000400000-0x00000000007C4000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/3000-49-0x0000000000400000-0x00000000007C4000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/3000-50-0x0000000000400000-0x00000000007C4000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/3000-0-0x0000000000400000-0x00000000007C4000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/3000-53-0x0000000000400000-0x00000000007C4000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/3000-54-0x0000000000400000-0x00000000007C4000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/3000-55-0x0000000000400000-0x00000000007C4000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/3000-56-0x0000000000400000-0x00000000007C4000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/3000-57-0x0000000000400000-0x00000000007C4000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/3000-59-0x0000000000400000-0x00000000007C4000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/3000-60-0x0000000000400000-0x00000000007C4000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/3000-61-0x0000000000400000-0x00000000007C4000-memory.dmp

    Filesize

    3.8MB

    Download