Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/05/2024, 11:45

Errors

Reason
Task went missing from backend

General

  • Target

    a33f5b7211ad0b65645e13dc2294799e206b3a37c2e36126d00651cf03228fc5.exe

  • Size

    9.6MB

  • MD5

    0185b65cbd159d77d5134003a55fca6d

  • SHA1

    591531498a699f7c5cd362c108e9727f521eb750

  • SHA256

    a33f5b7211ad0b65645e13dc2294799e206b3a37c2e36126d00651cf03228fc5

  • SHA512

    165c7048aff46b5e00e8c75cb273895c6fd97387c2aa18096a54fa6f75db8952fbe2b3a8ea75dbd0f67449fd5a3402e56d71bf4ab7d955a1b84fc7d3310594ff

  • SSDEEP

    196608:mINvyoHJD9jJzkJLNtm9u/i9jxIRpbp/ucD569ivLS6ef2X2m2+IJb:m2HpD9j4Lau/OS3pWM5JvLS6efKH2+o

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • UPX packed file 15 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
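
The hash and UPX indicators above can be re-checked offline on a local copy of a file. The following Python is an added example written for this page, not the sandbox's own signature logic: it computes the four digests the report lists, compares the SHA256 against the two IoC hashes on this page (the submitted sample and the dropped E2EECore.2.7.2.dll), and applies the kind of heuristic the "UPX packed file" signature describes by reading PE section names with a minimal header parser. The `build_test_pe` helper is an assumption of this example: it fabricates a header-only PE32 (not a real executable) so the code runs without the sample. Section names beginning with `UPX` and the `UPX!` pack-header magic are heuristics; a modified UPX build that renames both will pass unflagged, so a negative result is inconclusive.

```python
import hashlib
import struct

# SHA256 indicators copied from this report: the submitted sample and the DLL it dropped.
REPORT_SHA256 = {
    "a33f5b7211ad0b65645e13dc2294799e206b3a37c2e36126d00651cf03228fc5": "submitted sample",
    "982a177924762f270b36fe34c7d6847392b48ae53151dc2011078dceef487a53": "dropped E2EECore.2.7.2.dll",
}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of a byte string, the four digests the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def match_iocs(data: bytes):
    """Return the report's label for the file if its SHA256 is a listed IoC, else None."""
    return REPORT_SHA256.get(file_hashes(data)["sha256"])


def pe_section_names(data: bytes) -> list:
    """Read section names from a PE image using only the DOS/COFF header layout."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER starts after "PE\0\0"
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size              # first IMAGE_SECTION_HEADER (40 bytes each)
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic mirroring the 'UPX packed file' signature: stock UPX names its
    sections UPX0/UPX1 and leaves a 'UPX!' pack-header magic in the file. A modified
    UPX that renames both is not caught, so False means inconclusive, not clean."""
    names = pe_section_names(data)
    return any(n.startswith("UPX") for n in names) or b"UPX!" in data


def build_test_pe(section_names) -> bytes:
    """Constructed header-only PE32 (assumed test input, not a runnable binary)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew: PE signature right after the DOS header
    optional = bytes(224)                      # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(optional), 0x102)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + optional + sections


def triage(data: bytes) -> dict:
    """One-shot summary a responder would run on a local copy of the file."""
    return {"hashes": file_hashes(data), "ioc": match_iocs(data), "upx": looks_upx_packed(data)}


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        print(triage(fh.read()))
```

Run it as `python triage.py <file>`; a SHA256 match against the report's list is the only strong indicator here, the section-name check is a hint to confirm with an unpacker.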

Processes

  • C:\Users\Admin\AppData\Local\Temp\a33f5b7211ad0b65645e13dc2294799e206b3a37c2e36126d00651cf03228fc5.exe
    "C:\Users\Admin\AppData\Local\Temp\a33f5b7211ad0b65645e13dc2294799e206b3a37c2e36126d00651cf03228fc5.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2848
    • C:\Users\Admin\AppData\Local\Temp\a33f5b7211ad0b65645e13dc2294799e206b3a37c2e36126d00651cf03228fc5.exe
      "C:\Users\Admin\AppData\Local\Temp\a33f5b7211ad0b65645e13dc2294799e206b3a37c2e36126d00651cf03228fc5.exe" 1879536
      2⤵
      • Loads dropped DLL
      • Enumerates connected drives
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2408

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • \Users\Admin\AppData\Local\Temp\E2EECore.2.7.2.dll
          Filesize: 8.4MB
          MD5: 8b6c94bbdbfb213e94a5dcb4fac28ce3
          SHA1: b56102ca4f03556f387f8b30e2b404efabe0cb65
          SHA256: 982a177924762f270b36fe34c7d6847392b48ae53151dc2011078dceef487a53
          SHA512: 9d6d63b5d8cf7a978d7e91126d7a343c2f7acd00022da9d692f63e50835fdd84a59a93328564f10622f2b1f6adfd7febdd98b8ddb294d0754ed45cc9c165d25a

        • memory/2848-55-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
        • memory/2848-53-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
        • memory/2848-39-0x0000000000400000-0x000000000184D000-memory.dmp (Filesize: 20.3MB)
        • memory/2848-36-0x0000000000400000-0x000000000184D000-memory.dmp (Filesize: 20.3MB)
        • memory/2848-32-0x0000000000350000-0x0000000000351000-memory.dmp (Filesize: 4KB)
        • memory/2848-34-0x0000000000350000-0x0000000000351000-memory.dmp (Filesize: 4KB)
        • memory/2848-30-0x0000000000350000-0x0000000000351000-memory.dmp (Filesize: 4KB)
        • memory/2848-65-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
        • memory/2848-69-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
        • memory/2848-51-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
        • memory/2848-63-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
        • memory/2848-61-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
        • memory/2848-90-0x0000000000400000-0x000000000184D000-memory.dmp (Filesize: 20.3MB)
        • memory/2848-91-0x00000000008BE000-0x0000000000EC0000-memory.dmp (Filesize: 6.0MB)
        • memory/2848-92-0x0000000000400000-0x000000000184D000-memory.dmp (Filesize: 20.3MB)
        • memory/2848-59-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
        • memory/2848-57-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
        • memory/2848-0-0x00000000002F0000-0x00000000002F1000-memory.dmp (Filesize: 4KB)
        • memory/2848-38-0x00000000008BE000-0x0000000000EC0000-memory.dmp (Filesize: 6.0MB)
        • memory/2848-47-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
        • memory/2848-67-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
        • memory/2848-49-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
        • memory/2848-46-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
        • memory/2848-48-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
        • memory/2848-44-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
        • memory/2848-29-0x0000000000340000-0x0000000000341000-memory.dmp (Filesize: 4KB)
        • memory/2848-27-0x0000000000340000-0x0000000000341000-memory.dmp (Filesize: 4KB)
        • memory/2848-24-0x0000000000330000-0x0000000000331000-memory.dmp (Filesize: 4KB)
        • memory/2848-22-0x0000000000330000-0x0000000000331000-memory.dmp (Filesize: 4KB)
        • memory/2848-19-0x0000000000320000-0x0000000000321000-memory.dmp (Filesize: 4KB)
        • memory/2848-17-0x0000000000320000-0x0000000000321000-memory.dmp (Filesize: 4KB)
        • memory/2848-14-0x0000000000310000-0x0000000000311000-memory.dmp (Filesize: 4KB)
        • memory/2848-12-0x0000000000310000-0x0000000000311000-memory.dmp (Filesize: 4KB)
        • memory/2848-9-0x0000000000300000-0x0000000000301000-memory.dmp (Filesize: 4KB)
        • memory/2848-7-0x0000000000300000-0x0000000000301000-memory.dmp (Filesize: 4KB)
        • memory/2848-5-0x0000000000300000-0x0000000000301000-memory.dmp (Filesize: 4KB)
        • memory/2848-4-0x00000000002F0000-0x00000000002F1000-memory.dmp (Filesize: 4KB)
        • memory/2848-2-0x00000000002F0000-0x00000000002F1000-memory.dmp (Filesize: 4KB)
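
Each dump in the list above is named memory/<pid>-<sequence>-<start>-<end>-memory.dmp, and the same few regions of PID 2848 recur many times at different sequence numbers. The following Python is an added example written for this page, not the sandbox's own tooling: it parses those names, groups dumps by region, reproduces the report's size rounding (whole KB below 1 MiB, one decimal MB above), and flags regions nested inside a larger dumped range, which makes the 6.0MB range inside the 0x400000 image visible at a glance. The embedded list is a subset copied from this report. Reading the 0x10000000 region as a loaded DLL (that address is the traditional default image base of an MSVC-linked DLL) is an inference of this example; the report does not say which module it is.

```python
import re
from collections import defaultdict

# Dump names copied from the report's listing above (a subset is enough to show the pattern).
REPORT_DUMPS = [
    "memory/2848-0-0x00000000002F0000-0x00000000002F1000-memory.dmp",
    "memory/2848-4-0x00000000002F0000-0x00000000002F1000-memory.dmp",
    "memory/2848-36-0x0000000000400000-0x000000000184D000-memory.dmp",
    "memory/2848-38-0x00000000008BE000-0x0000000000EC0000-memory.dmp",
    "memory/2848-39-0x0000000000400000-0x000000000184D000-memory.dmp",
    "memory/2848-53-0x0000000010000000-0x000000001003E000-memory.dmp",
    "memory/2848-55-0x0000000010000000-0x000000001003E000-memory.dmp",
    "memory/2848-91-0x00000000008BE000-0x0000000000EC0000-memory.dmp",
]

DUMP_RE = re.compile(r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


def parse_dump_name(name: str):
    """Split a sandbox dump name into (pid, sequence, start, end); addresses as ints."""
    m = DUMP_RE.search(name)
    if not m:
        raise ValueError(f"not a sandbox dump name: {name}")
    pid, seq, start, end = m.groups()
    return int(pid), int(seq), int(start, 16), int(end, 16)


def human_size(n: int) -> str:
    """Match the report's rounding: whole KB below 1 MiB, one-decimal MB above."""
    if n < 1 << 20:
        return f"{n // 1024}KB"
    return f"{n / (1 << 20):.1f}MB"


def summarize_regions(names) -> list:
    """Collapse repeated dumps of one region into a single entry with the dump sequence
    numbers, sorted by address, and note which regions lie inside another dumped range."""
    groups = defaultdict(list)
    for name in names:
        pid, seq, start, end = parse_dump_name(name)
        groups[(pid, start, end)].append(seq)
    regions = [
        {"pid": pid, "start": start, "end": end,
         "size": human_size(end - start), "dumps": sorted(seqs)}
        for (pid, start, end), seqs in sorted(groups.items())
    ]
    for r in regions:
        r["inside"] = [
            f"0x{o['start']:X}-0x{o['end']:X}" for o in regions
            if o is not r and o["start"] <= r["start"] and r["end"] <= o["end"]
        ]
    return regions


def format_summary(regions) -> str:
    """One line per region, the way an analyst would want the listing read back."""
    lines = []
    for r in regions:
        note = f"  (inside {', '.join(r['inside'])})" if r["inside"] else ""
        lines.append(
            f"pid {r['pid']} 0x{r['start']:08X}-0x{r['end']:08X} {r['size']:>7} "
            f"dumped {len(r['dumps'])}x at seq {r['dumps']}{note}"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_summary(summarize_regions(REPORT_DUMPS)))
```

Pasting the full listing into `REPORT_DUMPS` turns the 38 entries into five regions: the 0x400000 main image (20.3MB), the 6.0MB sub-range inside it, the 248KB module at 0x10000000, and a handful of 4KB pages, each with the sequence numbers at which the sandbox re-dumped it.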