Overview

overview

7

Static

static

7

9a1d7f1be6...cd.exe

windows7-x64

7

9a1d7f1be6...cd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/07/2024, 00:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9a1d7f1be6ef96519868880e4bf84ec5c24c0340cb131651329994769a26e1cd.exe

  • Size

    135KB

  • MD5

    4d87ddf074d1e715c967f53bf644d9a9

  • SHA1

    96fae9975009e65ef7868431f91ddd086464b0d1

  • SHA256

    9a1d7f1be6ef96519868880e4bf84ec5c24c0340cb131651329994769a26e1cd

  • SHA512

    5f2b94d97a8e5ba1de7e2909148dbdade30081b57ec21623d0f92a955bcfafa83da17168f9c7f66ec480b8e42d2e0ca2902d9b43332bcba319619a6bc0ef1004

  • SSDEEP

    1536:rF0AJELopHG9aa+9qX3apJzAKWYr0v7ioy6paK2AZqMIK7aGZh38Qhs:riAyLN9aa+9U2rW1ip6pr2At7NZuQhs

Score
7/10
discoverypersistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9a1d7f1be6ef96519868880e4bf84ec5c24c0340cb131651329994769a26e1cd.exe
    "C:\Users\Admin\AppData\Local\Temp\9a1d7f1be6ef96519868880e4bf84ec5c24c0340cb131651329994769a26e1cd.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3172
    • C:\ProgramData\Update\WwanSvc.exe
      "C:\ProgramData\Update\WwanSvc.exe" /run
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:3948

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Update\WwanSvc.exe
    Filesize

    135KB

    MD5

    22269d5cd47126d548fcf4fceeb46e0c

    SHA1

    c795b2f2f64323e3dcf009b957b0ea947b018cb5

    SHA256

    a311fc006a897c569b5c0087b53385da61eb298314100e8c4fe6d9ecf8b3a503

    SHA512

    c10b200daa217d9506884968237d00ee59cac2c16f103f66ece086bc6fd1ad0b43b8239431b70037e0d2593fd370814e21c2fb93a942b1c593a4b3f50b62f828

    Download Submit

  • memory/3172-0-0x0000000000DA0000-0x0000000000DC8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3172-5-0x0000000000DA0000-0x0000000000DC8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3948-6-0x0000000000B60000-0x0000000000B88000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3948-7-0x0000000000B60000-0x0000000000B88000-memory.dmp

    Filesize

    160KB

    Download