780b06e0dc0958179d0ea277b37196c97dfa8c1ecd5f841b89486b066b4c0484

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d70d699bc2a39f1e6af52aea5ed6b060N.exe
Size

134KB
MD5

d70d699bc2a39f1e6af52aea5ed6b060
SHA1

e6488c4d42bea2e4a1baa070a5d026962d38b48d
SHA256

780b06e0dc0958179d0ea277b37196c97dfa8c1ecd5f841b89486b066b4c0484
SHA512

ca0bf0c779ecb6285d83c3d0e8534dda810d0510b2f2f69798f924fa5a488a3d4c098ad22a9fe481e8e8f60914a3d79fd9caf864483becddee63fc333aa42ae9
SSDEEP

1536:rF0AJELopHG9aa+9qX3apJzAKWYr0v7ioy6paK2AZqMIK7aGZh38Qh3:riAyLN9aa+9U2rW1ip6pr2At7NZuQh3

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2600	WwanSvc.exe

Loads dropped DLL 1 IoCs

pid	Process
2292	d70d699bc2a39f1e6af52aea5ed6b060N.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2292-0-0x0000000000F40000-0x0000000000F68000-memory.dmp	upx
behavioral1/files/0x0007000000018b03-5.dat	upx
behavioral1/memory/2600-7-0x0000000000B30000-0x0000000000B58000-memory.dmp	upx
behavioral1/memory/2292-8-0x0000000000F40000-0x0000000000F68000-memory.dmp	upx
behavioral1/memory/2292-10-0x0000000000F40000-0x0000000000F68000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Window Update = "\"C:\\ProgramData\\Update\\WwanSvc.exe\" /run"	d70d699bc2a39f1e6af52aea5ed6b060N.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 2600	2292	d70d699bc2a39f1e6af52aea5ed6b060N.exe	31
PID 2292 wrote to memory of 2600	2292	d70d699bc2a39f1e6af52aea5ed6b060N.exe	31
PID 2292 wrote to memory of 2600	2292	d70d699bc2a39f1e6af52aea5ed6b060N.exe	31
PID 2292 wrote to memory of 2600	2292	d70d699bc2a39f1e6af52aea5ed6b060N.exe	31

C:\Users\Admin\AppData\Local\Temp\d70d699bc2a39f1e6af52aea5ed6b060N.exe
"C:\Users\Admin\AppData\Local\Temp\d70d699bc2a39f1e6af52aea5ed6b060N.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2292
- C:\ProgramData\Update\WwanSvc.exe
  "C:\ProgramData\Update\WwanSvc.exe" /run
  2⤵
  - Executes dropped EXE
  PID:2600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Update\WwanSvc.exe

Filesize
134KB

MD5
72e8425dc4b86ee5eedfd48017ae10f4

SHA1
a9b087c508c1f5e99e4aa81fb2b9f51a766d53a3

SHA256
8afe3ea1d0fcbef974d551c2b4fa2a24dc6b2ed0d5dc2dfcb84438bfc9c1fd9b

SHA512
9df666dc190ff994315dd575cc9a61f1dcad7f8f89d1bfcd407a02148aed26db9118c357d92d905ce0f4f32c136ced986ea9a7b993c027466481c241fb72f555

Download Submit
memory/2292-0-0x0000000000F40000-0x0000000000F68000-memory.dmp

Filesize
160KB

Download
memory/2292-6-0x0000000000B30000-0x0000000000B58000-memory.dmp

Filesize
160KB

Download
memory/2292-8-0x0000000000F40000-0x0000000000F68000-memory.dmp

Filesize
160KB

Download
memory/2292-9-0x0000000000B30000-0x0000000000B58000-memory.dmp

Filesize
160KB

Download
memory/2292-10-0x0000000000F40000-0x0000000000F68000-memory.dmp

Filesize
160KB

Download
memory/2600-7-0x0000000000B30000-0x0000000000B58000-memory.dmp

Filesize
160KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads