Overview

overview

9

Static

static

3

mods‮piz.exe

windows7-x64

7

mods‮piz.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    21/07/2024, 16:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    mods‮piz.exe

  • Size

    73.0MB

  • MD5

    ae7d85cf0430d043044a1ca6245b56ac

  • SHA1

    6978bbd6092b7e73e319b2273292ad6057657f0f

  • SHA256

    ba43492356bfced1b66531776d1c1e875739779ba3110cb94320ea4f77c2bfb4

  • SHA512

    c43686fb796d82b9b13a3fe527a4f4f9f5e0845a643fbc5ff7f738d368107cddc13b48646397f07ff5f1ad751b50cf0f26621bfaedef50511f4e5f99f01cb0fb

  • SSDEEP

    1572864:rI2x6vSwY76NapdidyEmwSDzBzSOiBIn/rCnuR6ZT1vGil5VSy:rI2xgSv7sKimRzVj1/rCLjl5x

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 4 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 32 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\mods‮piz.exe
    "C:\Users\Admin\AppData\Local\Temp\mods‮piz.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2748
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\source_prepared.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\source_prepared.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2712
      • C:\Users\Admin\AppData\Local\Temp\RarSFX0\source_prepared.exe
        "C:\Users\Admin\AppData\Local\Temp\RarSFX0\source_prepared.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1696
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:1624
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x4ec
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3128
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3176

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\_MEI27122\python310.dll
            Filesize

            1.4MB

            MD5

            933b49da4d229294aad0c6a805ad2d71

            SHA1

            9828e3ce504151c2f933173ef810202d405510a4

            SHA256

            ab3e996db016ba87004a3c4227313a86919ff6195eb4b03ac1ce523f126f2206

            SHA512

            6023188f3b412dd12c2d4f3a8e279dcace945b6e24e1f6bbd4e49a5d2939528620ceb9a5f77b9a47d2d0454e472e2999240b81bed0239e7e400a4e25c96e1165

            Download Submit

          • memory/1696-1274-0x000007FEF5090000-0x000007FEF54FE000-memory.dmp

            Filesize

            4.4MB

            Download

          • memory/2748-4-0x0000000003370000-0x0000000003380000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3176-2536-0x0000000140000000-0x00000001405E8000-memory.dmp

            Filesize

            5.9MB

            Download

          • memory/3176-2537-0x0000000140000000-0x00000001405E8000-memory.dmp

            Filesize

            5.9MB

            Download