Overview

overview

7

Static

static

3

08230a0d4e...8f.exe

windows7-x64

7

08230a0d4e...8f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    08/08/2024, 21:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    08230a0d4e279e4c9f08aee3900dcdd4553014b1b578b45592b0250ac558aa8f.exe

  • Size

    246KB

  • MD5

    f4d51d7353c8c1df734c3eec50d17c5e

  • SHA1

    33cd092be8465311caaf2797110113e1d6837090

  • SHA256

    08230a0d4e279e4c9f08aee3900dcdd4553014b1b578b45592b0250ac558aa8f

  • SHA512

    547980116b68bd3ce0ffc0766dbd24f62f42c36595ba79f331d1603c1e0ac1c80f1fc3fbd3a991e86f0ca7024622c95b82b149251e3d73e82cdbf285c5914860

  • SSDEEP

    3072:pokuJVLZELWKy7h5TbXd9ycGEbjPAqhwtH7LQ5DDHV7qBmTYpyEV1r9gkAolK0:LuJQWKyFhrNco5DDH9rTOyEV1rL

Score
7/10
discoveryupx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1256
      • C:\Users\Admin\AppData\Local\Temp\08230a0d4e279e4c9f08aee3900dcdd4553014b1b578b45592b0250ac558aa8f.exe
        "C:\Users\Admin\AppData\Local\Temp\08230a0d4e279e4c9f08aee3900dcdd4553014b1b578b45592b0250ac558aa8f.exe"
        2⤵
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1736
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Users\Admin\AppData\Local\Temp\$$a90CB.bat
          3⤵
          • Deletes itself
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:836
          • C:\Users\Admin\AppData\Local\Temp\08230a0d4e279e4c9f08aee3900dcdd4553014b1b578b45592b0250ac558aa8f.exe
            "C:\Users\Admin\AppData\Local\Temp\08230a0d4e279e4c9f08aee3900dcdd4553014b1b578b45592b0250ac558aa8f.exe"
            4⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:2720
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1336
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2188
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
              • System Location Discovery: System Language Discovery
              PID:1748

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
      Filesize

      254KB

      MD5

      b949c7bfabb7039f03ea27c7357d2680

      SHA1

      80890657a4a1f65cb05563ea007f1a6743bb408d

      SHA256

      07a126ffd86760b78c147bb32c473d80f1bc37fac79a741197049cc878bf795f

      SHA512

      7dfbf31a6eccaf83c4e1fe8e5586eea2fed58ebb0326e9c7d06974585f1028500157d3949400bd71b53f31479ed3b361be3d58376297b262437a4da48c485830

      Download Submit

    • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
      Filesize

      474KB

      MD5

      e00bb37f2870de4ab176bfec72cf7d6c

      SHA1

      921f2f71ea208b9ccfd5d9cf6cf0620379a34245

      SHA256

      fc9817a352ebbf8890eb2849fd80a0af54ca93b38965f512d7caf691b41a622c

      SHA512

      946d88acf60b8da3c6cbd2af7137b66086d8849b1b36963f3d86b5eaee65667f64b9acf01482380e1d4805a9f42f14541bde97278d03fee9b86a1fa0bee3bfd2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\$$a90CB.bat
      Filesize

      722B

      MD5

      0e647347bdff8211348709e33a394f68

      SHA1

      3f48b18f2a54b073b024a32f274e402bceeb0c81

      SHA256

      ece5673387be1b5eaab01e6b7309ed7e41f33c107f886b69f98f55bfd33edd32

      SHA512

      4d1ffa4e76b842d6e8881ee0700fc25b3132196ca2c8d1778e377e640eae6faaf5e69cf6350d9776a334828b903cab8a5ae94a5f734728883b9b1050be6d61af

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\08230a0d4e279e4c9f08aee3900dcdd4553014b1b578b45592b0250ac558aa8f.exe.exe
      Filesize

      217KB

      MD5

      166e4e81eebec1f69479e021421ae0a3

      SHA1

      00db0eaff240a95aedca38d4c11b55f863fcac79

      SHA256

      f7672fc4c2865403fe320a4226adb611263f4848744bca082670192fbea0a973

      SHA512

      c7908b70bd6a56f1099710b1c34a94b28a6384427f8efe7e9817a3762bf4dc4206a8a2a5b083e906b580e86876876103b78c16fbf9c4c3293ccc55cc19e6a2e3

      Download Submit

    • C:\Windows\rundl132.exe
      Filesize

      29KB

      MD5

      3892a73a8feb14c363f9fc86355e24c1

      SHA1

      b38d5e8b79fc76ac6c4c92b61f0e42ccbfcb15a8

      SHA256

      abe3fc6cbe35adb6def32941c3b2244be5fe43c214a0fe4446ce889fbd8da8bb

      SHA512

      099917ff9a2b844e33be0de5dca9cda472aee12a26c658b821f8098d0c0acd1c5a34eb5e90f0e1520b042dfe3571a558c9598346a7e4009d0e6c3e76ab5e7cf2

      Download Submit

    • F:\$RECYCLE.BIN\S-1-5-21-1506706701-1246725540-2219210854-1000\_desktop.ini
      Filesize

      8B

      MD5

      a451cf229ab77d19c624b2e48ac11ec8

      SHA1

      0f3002921952d4e528750030d6340b77d10b5fc9

      SHA256

      96a8bb2a4a11f6596cd7c59eee4a5ea4dcfb02550aadc0b233e6cc269883f222

      SHA512

      699a221508bfee448d09720da926c818de965de39253e6c82fe79343d2916c59edb97ae5dc6d1e3b6343928fcefb636f5dfa13507e5ec53b3c4eeb1266caa3cd

      Download Submit

    • memory/836-27-0x0000000002340000-0x00000000023DC000-memory.dmp

      Filesize

      624KB

      Download

    • memory/836-30-0x0000000002340000-0x00000000023DC000-memory.dmp

      Filesize

      624KB

      Download

    • memory/836-38-0x0000000002340000-0x00000000023DC000-memory.dmp

      Filesize

      624KB

      Download

    • memory/1256-34-0x00000000024E0000-0x00000000024E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1336-102-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1336-1378-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1336-3350-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1336-18-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1336-1890-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1336-45-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1336-36-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1336-56-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1336-110-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1736-0-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1736-16-0x0000000000400000-0x0000000000436000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2720-47-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2720-31-0x0000000000400000-0x000000000049C000-memory.dmp

      Filesize

      624KB

      Download

    • memory/2720-32-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2720-37-0x0000000000400000-0x000000000049C000-memory.dmp

      Filesize

      624KB

      Download