Overview

overview

7

Static

static

7

66ffdfa7c9...0N.exe

windows7-x64

7

66ffdfa7c9...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    30s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    15/07/2024, 02:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    66ffdfa7c91bf33226b13d4f90df1af0N.exe

  • Size

    134KB

  • MD5

    66ffdfa7c91bf33226b13d4f90df1af0

  • SHA1

    e7421a73a35c90b690c93fd9cf31a30818ce6461

  • SHA256

    056a785d25cc1986d5cecf1d322947cc11ecc5691da0c1b799bcbcfe992c0266

  • SHA512

    6c55257a767be358b7c2eb45f76d723b83d9157b142504a426bde4cd5349d07468b34cd97baf2a4fd1d6eb6d7fb82d96ca93bd1e3b890b18bc2e0145754cf641

  • SSDEEP

    1536:rF0AJELopHG9aa+9qX3apJzAKWYr0v7ioy6paK2AZqMIK7aGZh38QI:riAyLN9aa+9U2rW1ip6pr2At7NZuQI

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\66ffdfa7c91bf33226b13d4f90df1af0N.exe
    "C:\Users\Admin\AppData\Local\Temp\66ffdfa7c91bf33226b13d4f90df1af0N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2932
    • C:\ProgramData\Update\WwanSvc.exe
      "C:\ProgramData\Update\WwanSvc.exe" /run
      2⤵
      • Executes dropped EXE
      PID:2796

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \ProgramData\Update\WwanSvc.exe
    Filesize

    134KB

    MD5

    e86eedd3e6b0932d34df05b8ee30d3c9

    SHA1

    02e608885c5346ef011466c8f978268ea5a120c1

    SHA256

    cd72ab70a4a1216d9aaac961d1578733ce6a661ea751f3d982a5fc25ef703dd3

    SHA512

    9119fb2535c81beebaf3838b5a54008ed0a63fa6cea005e90e04ffdc6dca2301189ab39e47264339306448262e4080c78eb156f3f4b627fa8e924e3f1426b18a

    Download Submit

  • memory/2796-6-0x0000000000D80000-0x0000000000DA8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2796-9-0x0000000000D80000-0x0000000000DA8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2932-0-0x0000000000CC0000-0x0000000000CE8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2932-7-0x0000000000CC0000-0x0000000000CE8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2932-8-0x00000000000F0000-0x0000000000118000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2932-10-0x0000000000CC0000-0x0000000000CE8000-memory.dmp

    Filesize

    160KB

    Download