Overview

overview

10

Static

static

10

7beaabecc2...10.exe

windows7-x64

9

7beaabecc2...10.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 23:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7beaabecc2ca8c0dcda7c16e0ffad63ad6a44161cef2dd264db2e22734847310.exe

  • Size

    134KB

  • MD5

    e911fdf34db8ae2a249e96a78285eff7

  • SHA1

    4e157288c7de8b88f2f12e4e0abd3e28856b4cd7

  • SHA256

    7beaabecc2ca8c0dcda7c16e0ffad63ad6a44161cef2dd264db2e22734847310

  • SHA512

    5d91d197e1a079273a230349539f4b18dd93c428b8c8d0793b10ca6990b41bad191959f26fbb29469df2473b2a570f3e22085f5648c600498287fa24af922e68

  • SSDEEP

    1536:rF0AJELopHG9aa+9qX3apJzAKWYr0v7ioy6paK2AZqMIK7aGZh38Q8:riAyLN9aa+9U2rW1ip6pr2At7NZuQ8

Score
9/10
persistenceupx

Malware Config

Signatures

  • UPX dump on OEP (original entry point) 6 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7beaabecc2ca8c0dcda7c16e0ffad63ad6a44161cef2dd264db2e22734847310.exe
    "C:\Users\Admin\AppData\Local\Temp\7beaabecc2ca8c0dcda7c16e0ffad63ad6a44161cef2dd264db2e22734847310.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2320
    • C:\ProgramData\Update\WwanSvc.exe
      "C:\ProgramData\Update\WwanSvc.exe" /run
      2⤵
      • Executes dropped EXE
      PID:2788

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Update\WwanSvc.exe
    Filesize

    134KB

    MD5

    e044d2327d81d7ad1c1e4a1ae1ea00c6

    SHA1

    179415dd72850a74ab1634dd48105243fef2d079

    SHA256

    25b6783328bc6d4f4197e48d99f9ec9a2a5f76498487ef3423c4f648387335aa

    SHA512

    98500cb0546f870b28ee4f1aeb944520f835faf3390db62d9f5287fba4298dbaf9df1b185774a22840ac1592892a7965a8ac74dfeba810a23359d720cc6c3694

    Download Submit

  • memory/2320-0-0x00000000009F0000-0x0000000000A18000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2320-6-0x0000000000260000-0x0000000000288000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2320-8-0x00000000009F0000-0x0000000000A18000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2320-9-0x0000000000260000-0x0000000000288000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2320-11-0x00000000009F0000-0x0000000000A18000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2788-7-0x0000000001130000-0x0000000001158000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2788-10-0x0000000001130000-0x0000000001158000-memory.dmp

    Filesize

    160KB

    Download