Overview

overview

10

Static

static

7

3862431768...0N.exe

windows7-x64

10

3862431768...0N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    48s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    07/07/2024, 03:09

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3862431768357d168771fb7b82de20d0N.exe

  • Size

    33KB

  • MD5

    3862431768357d168771fb7b82de20d0

  • SHA1

    4b83ed7efdbe7281b7ab827d8baa613a266ecfe3

  • SHA256

    3dd0058415627fd8931b04605dc1e53ea610950aa7b8716e711cac0f53a198ea

  • SHA512

    ee1c48ff9e0e5986b16139b09f0141ab85814570bfe447273ede0ecf1c421bce5b717aa13e07aef8486f4b4630928d3f641ee14a4ee2bf3a497e6de3db4606a7

  • SSDEEP

    768:UEzNbLcQ9qQuVriDMuyuruTD0qB77777J77c77c77c7nOT0BcfqSxi:l3h9qQA6hZunrB77777J77c77c77c7Oi

Score
10/10
evasionpersistenceupx

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 3 IoCs
    persistence
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Disables RegEdit via registry modification 2 IoCs
    evasion
  • Disables Task Manager via registry modification
    evasion
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Modifies system executable filetype association 2 TTPs 2 IoCs
    persistence
  • UPX packed file 35 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Drops file in System32 directory 12 IoCs
  • Drops file in Windows directory 25 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3862431768357d168771fb7b82de20d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\3862431768357d168771fb7b82de20d0N.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Boot or Logon Autostart Execution: Active Setup
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2320
    • C:\Windows\control.{21EC2020-3AEA-1069-A2DD-08002B30309D}\øù©ø¤Ñ­Ú„•.exe
      C:\Windows\control.{21EC2020-3AEA-1069-A2DD-08002B30309D}\øù©ø¤Ñ­Ú„•.exe
      2⤵
      • Modifies WinLogon for persistence
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Adds Run key to start application
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3008
    • C:\Windows\control.{21EC2020-3AEA-1069-A2DD-08002B30309D}\ýþ®ý©Ö¢²ß.exe
      C:\Windows\control.{21EC2020-3AEA-1069-A2DD-08002B30309D}\ýþ®ý©Ö¢²ß.exe
      2⤵
      • Modifies WinLogon for persistence
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Adds Run key to start application
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1640

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\control.{21EC2020-3AEA-1069-A2DD-08002B30309D}\øù©ø¤Ñ­Ú„•.exe
          Filesize

          33KB

          MD5

          f8122a598d45b5306e10bd6c66ec97b3

          SHA1

          02278887076de3bc9750c1ffb87110d35a094d46

          SHA256

          2cfc92ee2dbafa9d42127f81ac24afc66a94c8dfd0c3a732e3dc3116369d075d

          SHA512

          05b0a45dc391be2f07fb7f9617bba791a83bee62fea8804e1b92593b1d11d579e9ab4628bb44ac121bf4683d6087a3fcff807737a97a54cdf0e572fdc9435e82

          Download Submit

        • \Windows\control.{21EC2020-3AEA-1069-A2DD-08002B30309D}\ýþ®ý©Ö¢²ß.exe
          Filesize

          37KB

          MD5

          5b048f6acc54f7472b9163337ec3ec33

          SHA1

          9c240d26c38e5b400af41ce9702ba2be128b44d9

          SHA256

          985e7da32f44245b6ec96eb07ceb3960010cf0531574c7c7873e7c852569d24e

          SHA512

          2a2a4213a850b02953a0bc8df5682346a0181d3ffb1aa033d6ae069975ff4e5302393cfec2e90262623676718ed2ee361cb3a630eb3a7d46e505a99ad2a3b3dd

          Download Submit

        • memory/1640-54-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/1640-36-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/1640-26-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/1640-46-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/1640-50-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/1640-33-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/1640-60-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/1640-44-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/1640-58-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/1640-52-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/1640-38-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/1640-56-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/1640-40-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/1640-48-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/1640-42-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2320-16-0x00000000024C0000-0x00000000024E2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2320-0-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2320-14-0x00000000024C0000-0x00000000024E2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2320-31-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/3008-34-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/3008-45-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/3008-47-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/3008-43-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/3008-49-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/3008-41-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/3008-51-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/3008-53-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/3008-39-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/3008-37-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/3008-55-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/3008-57-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/3008-35-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/3008-32-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/3008-59-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download