Overview

overview

7

Static

static

3

78818632a8...ea.exe

windows7-x64

7

78818632a8...ea.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 02:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    78818632a8df1ae7c4b23d9c25be4b646dacd8766a28fc62670c90e848e72eea.exe

  • Size

    125KB

  • MD5

    0178804b49465e558664c0e139aebef0

  • SHA1

    8d739910a33d9d7ce7aaeaa9b6676a91a36b1336

  • SHA256

    78818632a8df1ae7c4b23d9c25be4b646dacd8766a28fc62670c90e848e72eea

  • SHA512

    e0d89935e5c126d3e836901a31f57ac52fc77e5a915aa555722324beac28bd4e718255b37c9235c8dacc4219447a7d8575b5c342d3aac05d6fed735adef439c1

  • SSDEEP

    3072:2EboFVlGAvwsgbpvYfMTc72L10fPsout:FBzsgbpvnTcyOPsoS

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • UPX packed file 33 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 23 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\78818632a8df1ae7c4b23d9c25be4b646dacd8766a28fc62670c90e848e72eea.exe
    "C:\Users\Admin\AppData\Local\Temp\78818632a8df1ae7c4b23d9c25be4b646dacd8766a28fc62670c90e848e72eea.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2000
    • C:\Windows\SysWOW64\svchost.exe
      C:\Windows\System32\svchost.exe -EMBEDDING 423B5D51736E6673606C2147686D64725D426E6C6C6E6F2147686D64725D4C6862736E726E6775215269607364655D4C52486F676E5D304530304530445D474A422F565840 0
      2⤵
        PID:2300
      • C:\Windows\SysWOW64\svchost.exe
        C:\Windows\System32\svchost.exe -EMBEDDING 423B5D51736E6673606C2147686D64725D426E6C6C6E6F2147686D64725D4C6862736E726E6775215269607364655D4C52486F676E5D304530304530445D474A422F565840 0
        2⤵
        • Deletes itself
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        PID:4636
    • C:\Windows\system32\cmd.exe
      cmd.exe /c call "C:\Program Files\Common Files\Microsoft\1D11D1E\KVEIF.jpg" -3 423B5D51736E6673606C2147686D64725D426E6C6C6E6F2147686D64725D4C6862736E726E6775215269607364655D4C52486F676E5D304530304530445D474A422F565840
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:592
      • C:\Program Files\Common Files\Microsoft\1D11D1E\KVEIF.jpg
        "C:\Program Files\Common Files\Microsoft\1D11D1E\KVEIF.jpg" -3 423B5D51736E6673606C2147686D64725D426E6C6C6E6F2147686D64725D4C6862736E726E6775215269607364655D4C52486F676E5D304530304530445D474A422F565840
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of SetThreadContext
        • Drops file in Program Files directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3084
        • C:\Windows\SysWOW64\svchost.exe
          C:\Windows\System32\svchost.exe -sys 423B5D51736E6673606C2147686D64725D426E6C6C6E6F2147686D64725D4C6862736E726E6775215269607364655D4C52486F676E5D304530304530445D474A422F565840 0
          3⤵
          • Loads dropped DLL
          • Drops file in Program Files directory
          • Suspicious use of AdjustPrivilegeToken
          PID:2556

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1E\1D11D1E123.IMD
      Filesize

      126KB

      MD5

      00bf18fd45b09730376422be720041bb

      SHA1

      f14449678a74ff854ac632760f72dca918284f91

      SHA256

      5e3d658f2bb06ef6ddc044726179eee7fe9d1ccfbe922771f184d0bf9603e773

      SHA512

      c1fdf68412ec85a3553dcb750b2f76a474306879f5bd38d6cee6ed8d11bcdc21a4a1ad4186ad6132e30fdbf295e8e075da81030b0c593f6a1a3d7c8cafc32697

      Download Submit
    • C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1E\KVEIF.jpg
      Filesize

      125KB

      MD5

      9a39fc2cc1a57b680fb951c63b77e9a6

      SHA1

      a61a56d8a2539ebbe66e2ae66fe0d4b027dbd5fc

      SHA256

      2edade9bbc12b943728abe4f73a7fda05e1fd36d6718d78b0239ca6cd730be73

      SHA512

      616ac9aa835669b629b4b64a718ed64c437fc4e44418abee2c091419292fa467d948d601297636b8a83bf460eb021e3b578632697469b47fb276d3c903affb5c

      Download Submit
    • C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1E\KVEIFss1.ini
      Filesize

      22B

      MD5

      453d2fc74da6d001a4fdd6734163c7c7

      SHA1

      ee0df26826350e252bfc43d21041053df079ca10

      SHA256

      f04003dc50539b7d9bbf491ecdab32b96b997377d8928bf4273a584e38eac98c

      SHA512

      6449257622d018a5c964ce4c1a1ead4f03db5bca23d0263aee775f096ef3063bbb61d0b1223c1f956a4de3468d3c55dae781d5851ccebc7c62dfd6e9e3d5a434

      Download Submit
    • C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1E\ok.txt
      Filesize

      104B

      MD5

      9e42e92d2d60f950066f15d4258fc4aa

      SHA1

      0537f03b07a9545991dea0982adcbad90d4eec9e

      SHA256

      5a9a86640f04e835e6c3272939a4516276f2d600566c5de0fe1ae779c9705bbc

      SHA512

      23d1e48153f5c21ec7b47577464adc395bf2e84d98882690f364b05f4d258d848d57747b4165ebc4e2cdc759393f076791ecbe07b443cdb8078aa2dc4a9aae8e

      Download Submit
    • C:\Program Files\Common Files\Microsoft\1D11D1E\KVEIF.jpg
      Filesize

      125KB

      MD5

      a1e14f4fd88ab7505d325794e1b2fe62

      SHA1

      e81ea422dcfbcfeba0fad1918460868c04fb18e4

      SHA256

      16e770889a84407de124a9fa66e82a4d9a75f72586b12658ec4ed1e43dc5f989

      SHA512

      9fdcd119418d3d32b2f5d0a069b4b76df350c09f29fa0602f3f30f1f7bae1f7c9a215c23978ee26ac3bbaff8f561f7de184755c14efb9827d7198f5e0ec89fdd

      Download Submit
    • C:\Program Files\Common Files\microsoft shared\MSInfo\1D11D1E\KVEIFmain.ini
      Filesize

      1KB

      MD5

      19aca18ab379f927e272a5b9d30bd287

      SHA1

      9c91c8e0a30bc4f40596c952b2ae8e22f510b8f8

      SHA256

      e852e6c79ab9ced44a28323210f74f4175ecbc5bf3a5256397b27412fa8bccbc

      SHA512

      8ebd3f2b6570b9b60e2bbdce50770e3eb6f8716a3d8ade1efb4f7401af2d698531457544de7090ac1ce1cb49e752d0a1222d5d0d7a1224bae3d04c38fb81d4d0

      Download Submit
    • C:\Windows\SysWOW64\kernel64.dll
      Filesize

      625KB

      MD5

      eccf28d7e5ccec24119b88edd160f8f4

      SHA1

      98509587a3d37a20b56b50fd57f823a1691a034c

      SHA256

      820c83c0533cfce2928e29edeaf6c255bc19ac9718b25a5656d99ffac30a03d6

      SHA512

      c1c94bbb781625b2317f0a8178d3a10d891fb71bca8f82cd831c484e8ab125301b82a14fe2ff070dc99a496cc00234300fa5536401018c40d49d44ae89409670

      Download Submit
    • C:\Windows\Web\606C646364636479.tmp
      Filesize

      108KB

      MD5

      f697e0c5c1d34f00d1700d6d549d4811

      SHA1

      f50a99377a7419185fc269bb4d12954ca42b8589

      SHA256

      1eacebb614305a9806113545be7b23cf14ce7e761ccf634510a7f1c0cfb6cd16

      SHA512

      d5f35672f208ebbe306beeb55dadde96aa330780e2ea84b45d3fa6af41369e357412d82978df74038f2d27dff4d06905fd0b4d852b0beef1bcfdd6a0849bc202

      Download Submit
    • memory/2000-31-0x00000000005B0000-0x0000000000605000-memory.dmp
      Filesize

      340KB

      Download
    • memory/2000-29-0x00000000005B0000-0x0000000000605000-memory.dmp
      Filesize

      340KB

      Download
    • memory/2000-17-0x00000000005B0000-0x0000000000605000-memory.dmp
      Filesize

      340KB

      Download
    • memory/2000-15-0x00000000005B0000-0x0000000000605000-memory.dmp
      Filesize

      340KB

      Download
    • memory/2000-13-0x00000000005B0000-0x0000000000605000-memory.dmp
      Filesize

      340KB

      Download
    • memory/2000-9-0x00000000005B0000-0x0000000000605000-memory.dmp
      Filesize

      340KB

      Download
    • memory/2000-23-0x00000000005B0000-0x0000000000605000-memory.dmp
      Filesize

      340KB

      Download
    • memory/2000-7-0x00000000005B0000-0x0000000000605000-memory.dmp
      Filesize

      340KB

      Download
    • memory/2000-4-0x00000000005B0000-0x0000000000605000-memory.dmp
      Filesize

      340KB

      Download
    • memory/2000-2-0x00000000005B0000-0x0000000000605000-memory.dmp
      Filesize

      340KB

      Download
    • memory/2000-5-0x00000000005B0000-0x0000000000605000-memory.dmp
      Filesize

      340KB

      Download
    • memory/2000-21-0x00000000005B0000-0x0000000000605000-memory.dmp
      Filesize

      340KB

      Download
    • memory/2000-25-0x00000000005B0000-0x0000000000605000-memory.dmp
      Filesize

      340KB

      Download
    • memory/2000-11-0x00000000005B0000-0x0000000000605000-memory.dmp
      Filesize

      340KB

      Download
    • memory/2000-33-0x00000000005B0000-0x0000000000605000-memory.dmp
      Filesize

      340KB

      Download
    • memory/2000-32-0x00000000005B0000-0x0000000000605000-memory.dmp
      Filesize

      340KB

      Download
    • memory/2000-19-0x00000000005B0000-0x0000000000605000-memory.dmp
      Filesize

      340KB

      Download
    • memory/2000-27-0x00000000005B0000-0x0000000000605000-memory.dmp
      Filesize

      340KB

      Download
    • memory/2556-197-0x0000000000400000-0x000000000042D000-memory.dmp
      Filesize

      180KB

      Download
    • memory/2556-246-0x0000000000400000-0x000000000042D000-memory.dmp
      Filesize

      180KB

      Download
    • memory/4636-100-0x0000000000400000-0x000000000042D000-memory.dmp
      Filesize

      180KB

      Download
    • memory/4636-127-0x0000000000F90000-0x0000000000FE5000-memory.dmp
      Filesize

      340KB

      Download
    • memory/4636-105-0x0000000000F90000-0x0000000000FE5000-memory.dmp
      Filesize

      340KB

      Download
    • memory/4636-104-0x0000000000F90000-0x0000000000FE5000-memory.dmp
      Filesize

      340KB

      Download
    • memory/4636-125-0x0000000000F90000-0x0000000000FE5000-memory.dmp
      Filesize

      340KB

      Download
    • memory/4636-131-0x0000000000F90000-0x0000000000FE5000-memory.dmp
      Filesize

      340KB

      Download
    • memory/4636-129-0x0000000000F90000-0x0000000000FE5000-memory.dmp
      Filesize

      340KB

      Download
    • memory/4636-113-0x0000000000F90000-0x0000000000FE5000-memory.dmp
      Filesize

      340KB

      Download
    • memory/4636-115-0x0000000000F90000-0x0000000000FE5000-memory.dmp
      Filesize

      340KB

      Download
    • memory/4636-107-0x0000000000F90000-0x0000000000FE5000-memory.dmp
      Filesize

      340KB

      Download
    • memory/4636-124-0x0000000000F90000-0x0000000000FE5000-memory.dmp
      Filesize

      340KB

      Download
    • memory/4636-121-0x0000000000F90000-0x0000000000FE5000-memory.dmp
      Filesize

      340KB

      Download
    • memory/4636-119-0x0000000000F90000-0x0000000000FE5000-memory.dmp
      Filesize

      340KB

      Download
    • memory/4636-117-0x0000000000F90000-0x0000000000FE5000-memory.dmp
      Filesize

      340KB

      Download
    • memory/4636-103-0x0000000000400000-0x000000000042D000-memory.dmp
      Filesize

      180KB

      Download
    • memory/4636-101-0x0000000000400000-0x000000000042D000-memory.dmp
      Filesize

      180KB

      Download
    • memory/4636-97-0x0000000000400000-0x000000000042D000-memory.dmp
      Filesize

      180KB

      Download
    • memory/4636-109-0x0000000000F90000-0x0000000000FE5000-memory.dmp
      Filesize

      340KB

      Download
    • memory/4636-245-0x0000000000400000-0x000000000042D000-memory.dmp
      Filesize

      180KB

      Download
    • memory/4636-111-0x0000000000F90000-0x0000000000FE5000-memory.dmp
      Filesize

      340KB

      Download