Overview

overview

8

Static

static

7

93b91c4cfb...0N.exe

windows7-x64

8

93b91c4cfb...0N.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    68s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    23/07/2024, 08:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    93b91c4cfbc804ab991ef1810437d8a0N.exe

  • Size

    115KB

  • MD5

    93b91c4cfbc804ab991ef1810437d8a0

  • SHA1

    35056383932a6e9819d0f908622f4705c9318e88

  • SHA256

    284d9a6100cbf9bf6110f2949502133aa5681fd8591d3942ade7d84d6442189a

  • SHA512

    8ea26385f7d58779adc96faef73fe1c15895507011a6c7dad3866da9266087d4d5af06d9e617d7dc3fb6635d1538d0f1b0aea79e4119cb64406d8047a2825140

  • SSDEEP

    3072:OulzomyA5MlmX/aLGtWMatXMW2UvtdsyZIrJWD2:OwsmyA5XX9WMatXMW2UvtrZIrJWS

Score
8/10
persistenceupx

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 4 IoCs
    persistence
  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 13 IoCs
  • Modifies registry class 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\93b91c4cfbc804ab991ef1810437d8a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\93b91c4cfbc804ab991ef1810437d8a0N.exe"
    1⤵
    • Adds policy Run key to start application
    • Sets service image path in registry
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    PID:3028

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\userun32.exe
    Filesize

    115KB

    MD5

    491483c3a0334019ce8302beed463490

    SHA1

    04def4f2e7dcee049b802ca2596488327e57b593

    SHA256

    39631f67e2e489d755fe6a857e8548dfa713cda8baebc00df2b370585bd5ee55

    SHA512

    4e2670a2436c445d8cb37a057ce0ff1ad983321f7ce8fc4a17022329d9acdbeefef1073167aacb26eed6371d2fe21154276d6688a12e00f9bd9b999ce668d482

    Download Submit

  • memory/3028-0-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3028-1-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download