Analysis

  • max time kernel
    153s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/06/2024, 21:30

General

  • Target

    459880395f07c30402cbf8e31883fbc85637298604788b7e96b460c39fa612af.exe

  • Size

    1.1MB

  • MD5

    049335eccd56ed5291fa5e5dfcfae6de

  • SHA1

    885ec5677bf07b6c90efd92d384fb972c2b58ac9

  • SHA256

    459880395f07c30402cbf8e31883fbc85637298604788b7e96b460c39fa612af

  • SHA512

    0998ce06ee8517f54318eb347171142969877a9a8722d09143ab4125dd7d8fa4180ecbe3405a535678458a1f503c51d7f2a03ccaa34f1992bb788fd4fa4bd913

  • SSDEEP

    12288:2snAsoSezcq1WOg2mb9G+sVlYfUXRPgOvvGPt11Gtg/kKnBJ6:dnAFzP0g+IYfUhDvv+titgM276

Malware Config

Signatures

  • UAC bypass 3 TTPs 2 IoCs
  • Windows security bypass 2 TTPs 2 IoCs
  • UPX dump on OEP (original entry point) 6 IoCs
  • Drops file in Drivers directory 2 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Windows security modification 2 TTPs 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • System policy modification 1 TTPs 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\459880395f07c30402cbf8e31883fbc85637298604788b7e96b460c39fa612af.exe
    "C:\Users\Admin\AppData\Local\Temp\459880395f07c30402cbf8e31883fbc85637298604788b7e96b460c39fa612af.exe"
    1⤵
    • UAC bypass
    • Windows security bypass
    • Windows security modification
    • Checks whether UAC is enabled
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:792
    • C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
      C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
      2⤵
      • UAC bypass
      • Windows security bypass
      • Drops file in Drivers directory
      • Executes dropped EXE
      • Windows security modification
      • Adds Run key to start application
      • Checks whether UAC is enabled
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • System policy modification
      PID:3304
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3868 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3864

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

    Filesize

    1.1MB

    MD5

    049335eccd56ed5291fa5e5dfcfae6de

    SHA1

    885ec5677bf07b6c90efd92d384fb972c2b58ac9

    SHA256

    459880395f07c30402cbf8e31883fbc85637298604788b7e96b460c39fa612af

    SHA512

    0998ce06ee8517f54318eb347171142969877a9a8722d09143ab4125dd7d8fa4180ecbe3405a535678458a1f503c51d7f2a03ccaa34f1992bb788fd4fa4bd913

  • memory/792-0-0x0000000000400000-0x00000000004E4000-memory.dmp

    Filesize

    912KB

  • memory/792-3-0x0000000000400000-0x00000000004E4000-memory.dmp

    Filesize

    912KB

  • memory/792-12-0x0000000000400000-0x00000000004E4000-memory.dmp

    Filesize

    912KB

  • memory/3304-18-0x0000000000400000-0x00000000004E4000-memory.dmp

    Filesize

    912KB

  • memory/3304-19-0x0000000000400000-0x00000000004E4000-memory.dmp

    Filesize

    912KB
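The Signatures block above marks the sample as UPX packed, the "UPX dump on OEP" entries show the same 0x400000-0x4E4000 region (912KB) captured from both PID 792 and PID 3304, and the Downloads block shows that the dropped MusaLLaT.exe carries exactly the same MD5, SHA1, SHA256 and SHA512 as the submitted file, i.e. the sample copied itself byte-for-byte into %APPDATA% before the second process ran. The Python below is an added example, not part of the sandbox report or of the sample's code: it implements the static checks an analyst would run to confirm those lines on a file of their own (UPX section names and the "UPX!" pack-header tag, the UPX section layout in which the first section has no raw data, the size of a dumped region, and a hash comparison for self-copies). It runs against a minimal PE image constructed inline by `build_constructed_pe`, not against the sample; every section name, offset and size in that builder is constructed for illustration.

```python
import hashlib
import struct

SECTION_ENTRY = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def parse_sections(data: bytes) -> list:
    """Walk the PE section table and return one dict per section."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4                                     # IMAGE_FILE_HEADER
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)   # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            SECTION_ENTRY, data, table + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "vsize": vsize, "vaddr": vaddr,
                         "rawsize": rawsize, "rawptr": rawptr, "chars": chars})
    return sections


def upx_indicators(data: bytes) -> dict:
    """Static UPX indicators: UPX* section names, the 'UPX!' pack-header tag,
    and the UPX layout where the first section has a virtual size but zero raw
    data (it is only the destination the stub decompresses into)."""
    sections = parse_sections(data)
    result = {
        "upx_sections": [s["name"] for s in sections if s["name"].upper().startswith("UPX")],
        "upx_marker": b"UPX!" in data,
        "empty_first_section": bool(sections)
        and sections[0]["rawsize"] == 0 and sections[0]["vsize"] > 0,
    }
    result["likely_upx"] = any(result.values())
    return result


def region_size_kib(start: int, end: int) -> int:
    """Size in KiB of a dumped memory range such as 0x400000-0x4E4000."""
    return (end - start) // 1024


def file_hashes(data: bytes) -> dict:
    """The same four digests the report lists for the target and the drop."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def is_self_copy(original: bytes, dropped: bytes) -> bool:
    """True when a dropped file is a byte-identical copy of the original."""
    return file_hashes(original) == file_hashes(dropped)


def build_constructed_pe(section_names, marker=True, first_raw_size=0) -> bytes:
    """Constructed minimal PE32 image for this example (not the sample).
    first_raw_size=0 reproduces the UPX layout; a non-zero value gives an
    ordinary layout for comparison. All values are made up for illustration."""
    sections, rva = [], 0x1000
    for i, name in enumerate(section_names):
        raw = first_raw_size if i == 0 else 0x400
        sections.append(struct.pack(SECTION_ENTRY, name.encode(), 0x10000, rva, raw,
                                    0x400 if raw else 0, 0, 0, 0, 0, 0x60000020))
        rva += 0x10000
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    opt = struct.pack("<H", 0x10B) + b"\0" * 222                   # PE32 magic, rest zeroed
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    image = dos + b"PE\0\0" + coff + opt + b"".join(sections)
    if marker:
        image += b"UPX!" + b"\0" * 12   # stands in for the UPX pack-header tag
    return image


if __name__ == "__main__":
    packed = build_constructed_pe(["UPX0", "UPX1", ".rsrc"])
    print(upx_indicators(packed))
    print(region_size_kib(0x400000, 0x4E4000), "KiB")              # 912, as in the report
    print(is_self_copy(packed, bytes(packed)))
```

The reason the report's signature text says "UPX/modified UPX" is that a modified packer commonly renames UPX0/UPX1 and strips the "UPX!" tag; the raw-size layout heuristic still fires on such files, but any static heuristic can be defeated, so the OEP dumps listed above (the unpacked image already in memory) are the more reliable artefact to analyse than the 1.1MB file on disk.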