Overview

overview

10

Static

static

10

4677a35d7f...a2.exe

windows7-x64

9

4677a35d7f...a2.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    133s
  • max time network
    164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-05-2024 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4677a35d7f9992e22cfbc49699808de902ac391da4c05e9068df674169a2fea2.exe

  • Size

    134KB

  • MD5

    003aa94b5d59d463ad71112c54a8d06c

  • SHA1

    03cbd26d4465c120ffb882947524aa49f5898dbb

  • SHA256

    4677a35d7f9992e22cfbc49699808de902ac391da4c05e9068df674169a2fea2

  • SHA512

    30ae8f06f9f177b789b9db75c3469927daafe17c3c75974f24e4faaf1bbbf60c3b9257bd08e99720bd106143d7fb40dadcc6bd377a9ff041d4db583aeb45048d

  • SSDEEP

    1536:rF0AJELopHG9aa+9qX3apJzAKWYr0v7ioy6paK2AZqMIK7aGZh38Qa:riAyLN9aa+9U2rW1ip6pr2At7NZuQa

Score
9/10
persistenceupx

Malware Config

Signatures

  • UPX dump on OEP (original entry point) 5 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4677a35d7f9992e22cfbc49699808de902ac391da4c05e9068df674169a2fea2.exe
    "C:\Users\Admin\AppData\Local\Temp\4677a35d7f9992e22cfbc49699808de902ac391da4c05e9068df674169a2fea2.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:5112
    • C:\ProgramData\Update\WwanSvc.exe
      "C:\ProgramData\Update\WwanSvc.exe" /run
      2⤵
      • Executes dropped EXE
      PID:1996
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2996 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1976

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\Update\WwanSvc.exe
      Filesize

      134KB

      MD5

      2193a335abe96f7afbcea2c6d47f31da

      SHA1

      b944886f095f6c4c1bca8e559221742789321081

      SHA256

      f20c0382d5dc8dcf13a20cc0d28b9e757c59085f401d961bafecd7e2af00dda7

      SHA512

      a65e5a00b033a786915e65903b5587dd0c482e83b1989d3edc7ba6bf73678b37ddf085bbd9fbd2cd57d5bdec81ab1c43c8dc9d7c71594a5a3037e0e62319ddce

      Download Submit

    • memory/1996-4-0x0000000000200000-0x0000000000228000-memory.dmp

      Filesize

      160KB

      Download

    • memory/1996-7-0x0000000000200000-0x0000000000228000-memory.dmp

      Filesize

      160KB

      Download

    • memory/5112-0-0x0000000000200000-0x0000000000228000-memory.dmp

      Filesize

      160KB

      Download

    • memory/5112-6-0x0000000000200000-0x0000000000228000-memory.dmp

      Filesize

      160KB

      Download