Analysis

  • max time kernel: 149s
  • max time network: 149s
  • platform: windows7_x64
  • resource: win7-20231129-en
  • resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted: 26-05-2024 10:46

General

  • Target: 89835a3856c5a05565c6a630f010d689bf51971f35ae76d7e887374c0c0615b8.exe
  • Size: 2.6MB
  • MD5: 4f34bdb533ae01ffbcc9fb9769574d3e
  • SHA1: 88c6836b121ede560df874061f702cae20ef5741
  • SHA256: 89835a3856c5a05565c6a630f010d689bf51971f35ae76d7e887374c0c0615b8
  • SHA512: 7f2592d44af8ebd58e0bb5b90712bc3414e38cf9f6fca21e3eb023a7df109dd6d31b711b484a3946e1edbb5bdb05fcd76f521498e349dac4109bd693a36e29ad
  • SSDEEP: 49152:yVmN92ZWZQWU4i+OTJC4AojXu8F3kKo5+skQJAXjuUCKNLp1i+:jLVhizwL4Xu8FU55+sZY51/

Score: 7/10
upx

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • UPX packed file (2 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken (6 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\89835a3856c5a05565c6a630f010d689bf51971f35ae76d7e887374c0c0615b8.exe
    "C:\Users\Admin\AppData\Local\Temp\89835a3856c5a05565c6a630f010d689bf51971f35ae76d7e887374c0c0615b8.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2328
    • C:\Users\Admin\AppData\Roaming\lsy\rar.exe
      "C:\Users\Admin\AppData\Roaming\lsy\rar.exe" x -iext -ow -o- "C:\Users\Admin\AppData\Local\Temp\sound.rar" "C:\Users\Admin\AppData\Local\Temp\sound\"
      2⤵
      • Executes dropped EXE
      PID:2320

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\sound.rar
    Filesize: 1.0MB
    MD5: c873d4fb16bbc4698fa44708018bd7ee
    SHA1: 4d02f6ff24ec4e4a547c34e7d76c6ffdb34bbb98
    SHA256: 4f4ade1d06da7625415f224852f1a7126d9765a289dc959cdac2ef72bfc29cbb
    SHA512: 92ecef6f749de3998e8f9116b2b9b727860df9121aca289c3cd73ca21db832bb32f8c62fa35d84040d5cf3b26dc6e1a7f7c28390416de0dfdfd43a24dfe1c9a6

  • \Users\Admin\AppData\Roaming\lsy\rar.exe
    Filesize: 411KB
    MD5: a88fa89a5d81958246c52245fa00d654
    SHA1: 25074e75745873d4d4aa685273d69049127757c2
    SHA256: fbade60d16b120a4cfc84bf65e0b80239f49accb2aa063283ae3c8e33df40738
    SHA512: 791febeecfdfb2131ea942718e2ce081db83ace5309ceca6c2e08a3f1bd6b563b791e07f9606ab77328dc9b031b1a3d137e69b2226d9b5a79b5dc8d4b8dff5b8

  • memory/2328-0-0x0000000000400000-0x0000000000EB6000-memory.dmp
    Filesize: 10.7MB

  • memory/2328-33-0x00000000003E0000-0x00000000003E1000-memory.dmp
    Filesize: 4KB

  • memory/2328-35-0x0000000000400000-0x0000000000EB6000-memory.dmp
    Filesize: 10.7MB