549fcdd493b68105b4f992a78c9949fee3a519b1e6cd2dd1a098ba7eb61641e4

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:46

Target

549fcdd493b68105b4f992a78c9949fee3a519b1e6cd2dd1a098ba7eb61641e4.exe
Size

9.2MB
MD5

c0774f59fba4635cb9a8defff7af48a9
SHA1

e8133d8cfb7914b341da444327e795216f27c42d
SHA256

549fcdd493b68105b4f992a78c9949fee3a519b1e6cd2dd1a098ba7eb61641e4
SHA512

12a77d2029da72b72a63ca3a7f1a1a36096fd8b5d673080be098bd3eddff186cc04987fb01abfe50a71401bd6cd2723115494e6c15920e14eb3204983b638687
SSDEEP

196608:kj2R7czUEDSzimFkOD7lf1hfrm4hNYAZuDA2nRjgowZSNxhDkD0hDOn:kjXczX5D/Ph3cZRcsRCoDw

Score

9^/10

discovery upx

UPX dump on OEP (original entry point) 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2428-0-0x00000000009D0000-0x0000000001018000-memory.dmp	UPX
behavioral1/memory/2428-15-0x00000000009D0000-0x0000000001018000-memory.dmp	UPX

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/2428-0-0x00000000009D0000-0x0000000001018000-memory.dmp	upx
behavioral1/memory/2428-15-0x00000000009D0000-0x0000000001018000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\549fcdd493b68105b4f992a78c9949fee3a519b1e6cd2dd1a098ba7eb61641e4.exe
"C:\Users\Admin\AppData\Local\Temp\549fcdd493b68105b4f992a78c9949fee3a519b1e6cd2dd1a098ba7eb61641e4.exe"
1⤵
PID:2428

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Roaming\MeldaProduction\SystemFonts.cache

Filesize
173B

MD5
3d82cf268db29ac8059ac5093f7608b5

SHA1
974f15f946c7e71a92dc90b6710df1153f48e198

SHA256
b379448466ee7073f54060e991f6dcad37ab55774c05fb14f4f11caf71588d49

SHA512
7ddbae223bfa51338dbc10fdbeef52c23d65aece84eab969f7a642abd63756d8f708e35b9d34b5852dc46101027e2758e0edec90d21851796fc5eac6424d47c7

Download Submit
memory/2428-0-0x00000000009D0000-0x0000000001018000-memory.dmp

Filesize
6.3MB

Download
memory/2428-15-0x00000000009D0000-0x0000000001018000-memory.dmp

Filesize
6.3MB

Download