Analysis

  • max time kernel
    121s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/05/2024, 20:18

General

  • Target

    322b4a5e5a6679b8702500d7d5fa9d903337f9f60951dde9e6a28f3a4de40405.exe

  • Size

    327KB

  • MD5

    015e231fd6b583357a8cec450a5cbb0e

  • SHA1

    092a6d4485384d5d62f3e04fe19d70aed6fc5f22

  • SHA256

    322b4a5e5a6679b8702500d7d5fa9d903337f9f60951dde9e6a28f3a4de40405

  • SHA512

    636b099ebfd96f35d690d5f610ae45f106d4c9de40ca88ebd0c88bcb51674b2da5533a72bb6eb79c022112f94ef717e24e69ac99e094d6d147fb6876055c1259

  • SSDEEP

    6144:bTz+WrPFZvTXb4RyW42vFlOloh2E+7cIozDJq5pyA:bTBPFV0RyWl3h2E+7cC5l

Score
9/10
upx

Malware Config

Signatures

  • UPX dump on OEP (original entry point) 7 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\322b4a5e5a6679b8702500d7d5fa9d903337f9f60951dde9e6a28f3a4de40405.exe
    "C:\Users\Admin\AppData\Local\Temp\322b4a5e5a6679b8702500d7d5fa9d903337f9f60951dde9e6a28f3a4de40405.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2364
    • C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\sidebar2.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\sidebar2.exe" /START "C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\sidebar2.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2880
      • C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\sidebar2.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\sidebar2.exe"
        3⤵
        • Executes dropped EXE
        PID:2684

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • \Users\Admin\AppData\Roaming\Microsoft\Sys32\sidebar2.exe

          Filesize

          327KB

          MD5

          c18b2ceb9aff1a2e0c94e57ecf008988

          SHA1

          e1d36103c93f3e5e67ad70e3c6664cf587aabd98

          SHA256

          346458e54ead293ff2889b6b89d9d5e9835fb52a866654468ca6ae2d7676d221

          SHA512

          41bb9490eb55e779244b95a600800953d8523f40a13eca041e5e823c219a69cd1e45f9e273739cd019dd67fd7f1e52d8fb8eb714dd35737f39c3b879bc7f6bc0

        • memory/2364-0-0x0000000000AD0000-0x0000000000B24000-memory.dmp

          Filesize

          336KB

        • memory/2364-33-0x0000000002720000-0x0000000002730000-memory.dmp

          Filesize

          64KB

        • memory/2364-36-0x00000000027F0000-0x0000000002844000-memory.dmp

          Filesize

          336KB

        • memory/2364-44-0x0000000000AD0000-0x0000000000B24000-memory.dmp

          Filesize

          336KB

        • memory/2364-48-0x00000000027F0000-0x0000000002844000-memory.dmp

          Filesize

          336KB

        • memory/2684-47-0x00000000002C0000-0x0000000000314000-memory.dmp

          Filesize

          336KB

        • memory/2880-46-0x00000000002C0000-0x0000000000314000-memory.dmp

          Filesize

          336KB

        • memory/2880-49-0x00000000002C0000-0x0000000000314000-memory.dmp

          Filesize

          336KB