Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-07-2024 03:58

General

  • Target

    d56e04bf312c24ce7df62c8336f4b0d1ce4795b61d3a2b8173acb59a0685900f.exe

  • Size

    76KB

  • MD5

    06a4e5cd0879581e50cda66de874ce99

  • SHA1

    76135ad5da8658ae1478616c2b90d5006e0bab9e

  • SHA256

    d56e04bf312c24ce7df62c8336f4b0d1ce4795b61d3a2b8173acb59a0685900f

  • SHA512

    f23571fafec66caa394ce84fca84b26b0719ffb72367bd1971d95d7031fc878b0f07f8aae2ab8d1a4f46f6502305dc4d7aa16c9ab660bc69482114dd7afd04a1

  • SSDEEP

    1536:WRWjzOe1tu4lx8Wf677WrvafPoHDmzhTk+rmFJN:WweGo4X8VGxHDmzV0Fb

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d56e04bf312c24ce7df62c8336f4b0d1ce4795b61d3a2b8173acb59a0685900f.exe
    "C:\Users\Admin\AppData\Local\Temp\d56e04bf312c24ce7df62c8336f4b0d1ce4795b61d3a2b8173acb59a0685900f.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Users\Admin\AppData\Local\Temp\Sysceamfvfeq.exe
      "C:\Users\Admin\AppData\Local\Temp\Sysceamfvfeq.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1928

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Sysceamfvfeq.exe

    Filesize

    76KB

    MD5

    0f2be204e6bbb3804adcdf96a2718031

    SHA1

    ea952ffdea64691771ede24582a59458374d5594

    SHA256

    7ded7144638a1a02041e8f71136664953f888409ee3ba35bdfbca470e0867ed3

    SHA512

    aa225559ff9737f85c2e9363920f1ef4502cd7353035e776e1ada303ffbb23e83503c1adca5847c9a9493606747e072c404f155e245cd9bb0ec2d9bf1c107ed9

  • C:\Users\Admin\AppData\Local\Temp\cpath.ini

    Filesize

    102B

    MD5

    fcaa1a4b2e59f4a00ca24628dfba9dee

    SHA1

    838ad79062965b6355908a0f76548ba906137a19

    SHA256

    f6c37fa220440126a4f0eb72748248a7ea7c9ff92506238b46ffa9f0f622e23b

    SHA512

    c887719b177114f93ce731316783621a57cd6ce5ffd1d04ee8c01c1cf271852a55eb4a3678792a0ba1f5d794d69ba9ff9572ef93dd375a74ad71967b80779f80

  • memory/1928-21-0x0000000000400000-0x0000000000459000-memory.dmp

    Filesize

    356KB

  • memory/1928-23-0x0000000000400000-0x0000000000459000-memory.dmp

    Filesize

    356KB

  • memory/2080-0-0x0000000000400000-0x0000000000459000-memory.dmp

    Filesize

    356KB

  • memory/2080-12-0x0000000003A80000-0x0000000003AD9000-memory.dmp

    Filesize

    356KB

  • memory/2080-18-0x0000000003A80000-0x0000000003AD9000-memory.dmp

    Filesize

    356KB

  • memory/2080-22-0x0000000000400000-0x0000000000459000-memory.dmp

    Filesize

    356KB