Overview

overview

10

Static

static

10

2024052521...im.exe

windows7-x64

7

2024052521...im.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27/05/2024, 05:02

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024052521974253f51c4308a41f0053eb149482icedidnymaim.exe

  • Size

    20.6MB

  • MD5

    21974253f51c4308a41f0053eb149482

  • SHA1

    7d8d1dcb62fe19d0670d2c3fe85376fd3d165010

  • SHA256

    eca57322ceb5d8a98f261638e69b59caeea1ff7a090c55ade127eaf2b5fc013c

  • SHA512

    6ce76acb3ea7a89a6976c280450ef72d333b6d4c2729df2ff7c43a369dc0c2e9ac5eabb56a0f3cf3b40975aff12a1b17721a065b20b07ebf667d6026339d1f8c

  • SSDEEP

    393216:q9kNFLk+cEoRc00HX7rEc00HXPwe7rm3cZEo0:pNFLmCp3HLp/bHm3cO

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024052521974253f51c4308a41f0053eb149482icedidnymaim.exe
    "C:\Users\Admin\AppData\Local\Temp\2024052521974253f51c4308a41f0053eb149482icedidnymaim.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 412
      2⤵
      • Loads dropped DLL
      • Program crash
      PID:2304

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\clinkAPI.dll
          Filesize

          640KB

          MD5

          a98e532c4cba74e894a6111b750a26a8

          SHA1

          f9d349d7f927e0ed9af3a6cbf706fb5e579f675f

          SHA256

          df44fa16321ad62177f4f152224abbf610994f0ecb5b5053fa8c5d16c9f529ca

          SHA512

          51c593d3e1f495cadbbc45784742ed6a0ee4618b18034b46b453a5db0a29314953628824777b9b398762f36b44c6c0267ef511b4dde73ca03e561d46987fbd76

          Download Submit

        • memory/1640-0-0x0000000000390000-0x000000000039B000-memory.dmp

          Filesize

          44KB

          Download

        • memory/1640-1-0x0000000000390000-0x000000000039B000-memory.dmp

          Filesize

          44KB

          Download