Overview

overview

7

Static

static

7

9913f1c3de...2a.exe

windows7-x64

7

9913f1c3de...2a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    08/07/2024, 01:39

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    9913f1c3de760e1dbaf2bf6fc4dd46101aa6396572539947576df5a32a24d42a.exe

  • Size

    134KB

  • MD5

    ab3c3d0af0c5c14721e8548e7f1d0420

  • SHA1

    59c5b6a92d2cf781782a55af55a7655d20cad98d

  • SHA256

    9913f1c3de760e1dbaf2bf6fc4dd46101aa6396572539947576df5a32a24d42a

  • SHA512

    c341c85865f26779ffb763fe68ad29ed15b4dee2aab5564f6579ab430ffd7f4ba335c50cceb1f0849be1d362c76879959277bf6b64797e1020517ad7abe52371

  • SSDEEP

    1536:rF0AJELopHG9aa+9qX3apJzAKWYr0v7ioy6paK2AZqMIK7aGZh38QT:riAyLN9aa+9U2rW1ip6pr2At7NZuQT

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9913f1c3de760e1dbaf2bf6fc4dd46101aa6396572539947576df5a32a24d42a.exe
    "C:\Users\Admin\AppData\Local\Temp\9913f1c3de760e1dbaf2bf6fc4dd46101aa6396572539947576df5a32a24d42a.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2336
    • C:\ProgramData\Update\WwanSvc.exe
      "C:\ProgramData\Update\WwanSvc.exe" /run
      2⤵
      • Executes dropped EXE
      PID:2780

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \ProgramData\Update\WwanSvc.exe
          Filesize

          134KB

          MD5

          226383c80e00624b68814447793b7421

          SHA1

          943978f9b26a0723c29a063312ba3ba3a3848d8d

          SHA256

          7db695b16aa10d500df7b649a80c7a38119de019e88307276e2f3f581a12cda4

          SHA512

          957979f6b1ed6beb5aee47bef36474bf97fa9e9ed960658b8abd1696e2fd7808eb24e03140c8f9d8ecd543d5cd4a619d494d078892d110bfc8b4c3d1a92ec94f

          Download Submit

        • memory/2336-1-0x0000000000300000-0x0000000000328000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2336-6-0x0000000000130000-0x0000000000158000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2336-8-0x0000000000300000-0x0000000000328000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2780-7-0x00000000011C0000-0x00000000011E8000-memory.dmp

          Filesize

          160KB

          Download