Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-05-2024 19:21

General

  • Target

    19a1e85dc1e8af9885a139e12cd94e9acdec1bfd6aa00b956cee40316b97f51b.exe

  • Size

    29KB

  • MD5

    52d4261d193d1d612d621a6e61d188ff

  • SHA1

    bdc7a3e587ffb55bb15dd6a3ff15da11345361f5

  • SHA256

    19a1e85dc1e8af9885a139e12cd94e9acdec1bfd6aa00b956cee40316b97f51b

  • SHA512

    f029de70301f3d45641e6993d23b114630b8349cdacd7447fcf11e9268bd10d1bc7bee403a47d378354fd5717dcb7c7e58ba3ca0277602e5a33fb81af2c448db

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/9L:AEwVs+0jNDY1qi/qF

Score
7/10

Signatures

  • Executes dropped EXE (1 IoC)
  • UPX packed file (26 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Drops file in Windows directory (3 IoCs)
  • Modifies system certificate store (2 TTPs, 6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\19a1e85dc1e8af9885a139e12cd94e9acdec1bfd6aa00b956cee40316b97f51b.exe
    "C:\Users\Admin\AppData\Local\Temp\19a1e85dc1e8af9885a139e12cd94e9acdec1bfd6aa00b956cee40316b97f51b.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:1904
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:1740

Downloads