Overview

overview

7

Static

static

3

1066eec974...fc.exe

windows7-x64

7

1066eec974...fc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 20:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1066eec974a49a38c6926650d2a13720a61df1e3be7f72fa46543e1e9fd2d5fc.exe

  • Size

    12.9MB

  • MD5

    f2b2e465c87336bcfa9031cf67352d9f

  • SHA1

    205393c0440366d5718306bf355d2d0057306a6d

  • SHA256

    1066eec974a49a38c6926650d2a13720a61df1e3be7f72fa46543e1e9fd2d5fc

  • SHA512

    abbb8f0c303dadaa445651f26dd156efb118394942464dd10a56e8947ff5c7cd5d687d0017195d47c2b6baff3e8bf559f143d91cabe4cdf70f038dbfd9366936

  • SSDEEP

    393216:skp4W171LyjG920082mFFE5Z4xLZbji5TQ:8mpLi1uNdsTQ

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1066eec974a49a38c6926650d2a13720a61df1e3be7f72fa46543e1e9fd2d5fc.exe
    "C:\Users\Admin\AppData\Local\Temp\1066eec974a49a38c6926650d2a13720a61df1e3be7f72fa46543e1e9fd2d5fc.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1312
    • C:\92pkÌìÑÄÌؽä\1066eec974a49a38c6926650d2a13720a61df1e3be7f72fa46543e1e9fd2d5fc.exe
      C:\92pkÌìÑÄÌؽä\1066eec974a49a38c6926650d2a13720a61df1e3be7f72fa46543e1e9fd2d5fc.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2768

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\del.dat
    Filesize

    102B

    MD5

    0bfa03b69330413e7867e14c06f06074

    SHA1

    2910918c4c59f341f696d4b3482268e8d96d5976

    SHA256

    83477dbc7b6936a19f2b552b07439612caf781fdcda189582a1a127a11960926

    SHA512

    3b39a2c1b233db8a0efed8fac31b8989424b27c825608bbcbdffaf5644b2dde735da2d3742fa396a444928c16233383050d03057c28745cc73acd3fd89ec508d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ec43e2d953fe04e382b6eaaad8a95dc9.txt
    Filesize

    15B

    MD5

    52dfe2623e78235bee22eacec89e9cb5

    SHA1

    a9eb230a0219e4a2f1ca32daea53be0004fdbf8c

    SHA256

    7788dab66c748e32a563d51dc670b20b351c493653df3493eb7c760a71cff9d3

    SHA512

    b308e3dddb17c740f797eec32e6dc049e0f3f49a4cfe985cc5f7f9a26009cda975e6529d03b959be0d550db6aaf377ecac1662bf2e7ab3e24650e14fc828bd71

    Download Submit

  • \92pkÌìÑÄÌؽä\1066eec974a49a38c6926650d2a13720a61df1e3be7f72fa46543e1e9fd2d5fc.exe
    Filesize

    12.9MB

    MD5

    f2b2e465c87336bcfa9031cf67352d9f

    SHA1

    205393c0440366d5718306bf355d2d0057306a6d

    SHA256

    1066eec974a49a38c6926650d2a13720a61df1e3be7f72fa46543e1e9fd2d5fc

    SHA512

    abbb8f0c303dadaa445651f26dd156efb118394942464dd10a56e8947ff5c7cd5d687d0017195d47c2b6baff3e8bf559f143d91cabe4cdf70f038dbfd9366936

    Download Submit

  • memory/1312-25-0x0000000000400000-0x00000000007D7000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/1312-2-0x0000000000820000-0x000000000082B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1312-3-0x0000000002660000-0x0000000002661000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1312-5-0x0000000002670000-0x0000000002671000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1312-16-0x0000000007F00000-0x00000000082D7000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/1312-17-0x0000000007F00000-0x00000000082D7000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/1312-1-0x0000000000820000-0x000000000082B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1312-4-0x0000000002290000-0x0000000002291000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1312-0-0x0000000000400000-0x00000000007D7000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/1312-26-0x0000000000820000-0x000000000082B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2768-21-0x0000000000870000-0x0000000000871000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2768-22-0x0000000002220000-0x0000000002221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2768-19-0x0000000000400000-0x00000000007D7000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2768-20-0x0000000000290000-0x000000000029B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2768-18-0x0000000000290000-0x000000000029B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2768-45-0x0000000000400000-0x00000000007D7000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2768-47-0x0000000000290000-0x000000000029B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2768-49-0x0000000000400000-0x00000000007D7000-memory.dmp

    Filesize

    3.8MB

    Download