Overview

overview

7

Static

static

7

0063fa8bd3...0N.exe

windows7-x64

7

0063fa8bd3...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    14-07-2024 12:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0063fa8bd3a953ef71a48bf1aa0ccef0N.exe

  • Size

    134KB

  • MD5

    0063fa8bd3a953ef71a48bf1aa0ccef0

  • SHA1

    34683b9259ec0c1fd3d0d25da255fd2207b7ecd1

  • SHA256

    1f7de0632f715a1ef039955e5aab2e32f2a4665fedaf8e2e552f6d6c0dfd4221

  • SHA512

    65c605a83de8f516ccfa13e7df0658a8f4c098bf525738d2899f97e8f9a03e0cd23d2a9487affcaf2695238b92a28082b808a962a0f100ec2177f4bc75eb8842

  • SSDEEP

    1536:rF0AJELopHG9aa+9qX3apJzAKWYr0v7ioy6paK2AZqMIK7aGZh38QB:riAyLN9aa+9U2rW1ip6pr2At7NZuQB

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0063fa8bd3a953ef71a48bf1aa0ccef0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0063fa8bd3a953ef71a48bf1aa0ccef0N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:3052
    • C:\ProgramData\Update\WwanSvc.exe
      "C:\ProgramData\Update\WwanSvc.exe" /run
      2⤵
      • Executes dropped EXE
      PID:3048

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Update\WwanSvc.exe
    Filesize

    134KB

    MD5

    f4b223333ce7b1649793ed26ca7aa49a

    SHA1

    19405c1c9d038fc7e2422a1fa33d75866ab5c746

    SHA256

    29f35df49b00ad239b68a35b6c753ef32d723b37e75833a0e5eae88b3771ca2e

    SHA512

    3847825ba49f0019a0992b6b2d0bf46810d199fa53f0cf3c1fc3cc01a6fc76d74ed48803dad917db6b71fea0249b2fc095e6efc35021e286248df4fbcb6f0341

    Download Submit

  • memory/3048-7-0x00000000000C0000-0x00000000000E8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3048-9-0x00000000000C0000-0x00000000000E8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3052-0-0x0000000000A40000-0x0000000000A68000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3052-6-0x0000000000110000-0x0000000000138000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3052-8-0x0000000000110000-0x0000000000138000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3052-10-0x0000000000A40000-0x0000000000A68000-memory.dmp

    Filesize

    160KB

    Download