Overview

overview

9

Static

static

3

3a5833df19...db.exe

windows7-x64

9

3a5833df19...db.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    45s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    01/07/2024, 20:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a5833df19607946bc8cb51577675176b6b4f55a87c1b2ec72ce9025b93f12db.exe

  • Size

    476KB

  • MD5

    566dcb7c5cc7df524025c3c35feafdbe

  • SHA1

    bfc7d2e5ef315daaa18b09410f1fb9f4dc3601cb

  • SHA256

    3a5833df19607946bc8cb51577675176b6b4f55a87c1b2ec72ce9025b93f12db

  • SHA512

    4a6e1d7cc0adb4ba0b45b58da46448e3a6291164372687d195427f6e40a6fdeb4b34740970bc235f735a054271108517e1c9b91f3c6a2ec525dc8e4c35590d28

  • SSDEEP

    3072:Jin8r+coP2W0XgEU5IuY2R8FD8edLhb9x4CuSqhAp08FkGRnNrdf45AjqKnoem:23P0KPsvKhAp081nNVjqKoe

Score
9/10
upx

Malware Config

Signatures

  • UPX dump on OEP (original entry point) 9 IoCs
  • UPX packed file 10 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a5833df19607946bc8cb51577675176b6b4f55a87c1b2ec72ce9025b93f12db.exe
    "C:\Users\Admin\AppData\Local\Temp\3a5833df19607946bc8cb51577675176b6b4f55a87c1b2ec72ce9025b93f12db.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1864
    • C:\Users\Admin\AppData\Local\Temp\3a5833df19607946bc8cb51577675176b6b4f55a87c1b2ec72ce9025b93f12db.exe
      "C:\Users\Admin\AppData\Local\Temp\3a5833df19607946bc8cb51577675176b6b4f55a87c1b2ec72ce9025b93f12db.exe"
      2⤵
        PID:19640
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c ""C:\Users\Admin\AppData\Local\Temp\SPOSG.bat" "
          3⤵
            PID:19848
            • C:\Windows\SysWOW64\reg.exe
              REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "JREsp7" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\SunJavaJREupdate7\JREUPD7.exe" /f
              4⤵
                PID:19900
            • C:\Users\Admin\AppData\Roaming\SunJavaJREupdate7\JREUPD7.exe
              "C:\Users\Admin\AppData\Roaming\SunJavaJREupdate7\JREUPD7.exe"
              3⤵
                PID:19924
                • C:\Users\Admin\AppData\Roaming\SunJavaJREupdate7\JREUPD7.exe
                  "C:\Users\Admin\AppData\Roaming\SunJavaJREupdate7\JREUPD7.exe"
                  4⤵
                    PID:81164
                  • C:\Windows\SysWOW64\svchost.exe
                    "C:\Windows\system32\svchost.exe"
                    4⤵
                      PID:81240

              Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Temp\SPOSG.bat
                Filesize

                153B

                MD5

                a5ab6d6b7f03c59f02ebde6e2834fe42

                SHA1

                567e8e08dcb41c365116e5806676d89e2b9f522a

                SHA256

                2dfac769e0e863a3f534444566bbc908edb7fed1981feed55a8f402cc7a3e506

                SHA512

                271f94ed4f69eb40012e26aae164a0332bc3695d08f119e82096a4a14e15631e8a6ee7c8095d047ba5e2ae03e364c010b873a5f3191ab88a835ae2227ddc30bd

                Download Submit

              • \Users\Admin\AppData\Roaming\SunJavaJREupdate7\JREUPD7.exe
                Filesize

                476KB

                MD5

                1b8ecb57ab5db3b686b500eb6abf76e9

                SHA1

                0c45203a70e0f40ed0c0b27bab2218947c4222fd

                SHA256

                9fb39798c00a5c23ad67466355a3d1c9dde0d0ce1326c56103f6891bb0c6cb6d

                SHA512

                82d48fc7c0d005798e0dde4ef4a673b44c361a0d7f8cad84c23ddfe70282c27859a46807d666ea716a4d2481396a8955bd477cd7c278d82268b5b6a8b70ac089

                Download Submit

              • memory/1864-2-0x0000000000230000-0x0000000000231000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1864-99-0x0000000001E50000-0x0000000001E51000-memory.dmp

                Filesize

                4KB

                Download

              • memory/19640-26748-0x0000000000400000-0x000000000040B000-memory.dmp

                Filesize

                44KB

                Download

              • memory/19640-26754-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

                Filesize

                4KB

                Download

              • memory/19640-26752-0x0000000000400000-0x000000000040B000-memory.dmp

                Filesize

                44KB

                Download

              • memory/19640-26750-0x0000000000400000-0x000000000040B000-memory.dmp

                Filesize

                44KB

                Download

              • memory/19640-26755-0x0000000000400000-0x000000000040B000-memory.dmp

                Filesize

                44KB

                Download

              • memory/19640-26760-0x0000000000400000-0x000000000040B000-memory.dmp

                Filesize

                44KB

                Download

              • memory/19640-26756-0x0000000000400000-0x000000000040B000-memory.dmp

                Filesize

                44KB

                Download

              • memory/19640-26757-0x0000000000400000-0x000000000040B000-memory.dmp

                Filesize

                44KB

                Download

              • memory/19640-26800-0x0000000000400000-0x000000000040B000-memory.dmp

                Filesize

                44KB

                Download

              • memory/19640-53539-0x0000000000400000-0x000000000040B000-memory.dmp

                Filesize

                44KB

                Download

              • memory/81164-53532-0x0000000000400000-0x000000000040B000-memory.dmp

                Filesize

                44KB

                Download

              • memory/81164-53542-0x0000000000400000-0x000000000040B000-memory.dmp

                Filesize

                44KB

                Download