Overview

overview

7

Static

static

7

aa63f3d04c...0N.exe

windows7-x64

7

aa63f3d04c...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    114s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/08/2024, 21:18

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    aa63f3d04cb50de8d53dcf9b12d2d660N.exe

  • Size

    134KB

  • MD5

    aa63f3d04cb50de8d53dcf9b12d2d660

  • SHA1

    c666fe81ae4f0681d62645c36badcb6a896e964d

  • SHA256

    f06b396d623bc38a1f4f4730ac109408de47d1adbc487555a3b3d7a182ec212a

  • SHA512

    521cccc4520fcab4e054236175c5dbc833974a0f12e0a9b56a88f9e94ff2933db882543b71955ac51b2a94c8aca64fa47a4d865ede1daad657c2d4a465c7c3f6

  • SSDEEP

    1536:rF0AJELopHG9aa+9qX3apJzAKWYr0v7ioy6paK2AZqMIK7aGZh38Qg:riAyLN9aa+9U2rW1ip6pr2At7NZuQg

Score
7/10
discoverypersistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aa63f3d04cb50de8d53dcf9b12d2d660N.exe
    "C:\Users\Admin\AppData\Local\Temp\aa63f3d04cb50de8d53dcf9b12d2d660N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:5092
    • C:\ProgramData\Update\WwanSvc.exe
      "C:\ProgramData\Update\WwanSvc.exe" /run
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:1832
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4292,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=4016 /prefetch:8
    1⤵
      PID:1464

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\ProgramData\Update\WwanSvc.exe
            Filesize

            134KB

            MD5

            171386aa4db3cce352ff2c20474e40cf

            SHA1

            3a00dbca678e6835370111d6897de97f94fd6587

            SHA256

            1a6f9bbbb0e2e550cd1da36aa7dfe27b3928402a65b2b302759dd42a49a37047

            SHA512

            a418001ebf82b6595164a505094f13beb1ad9e441cdf675394ceae687a67f987da169afb66359a8786c856ab894cac9f8b3403e6e034b9b95e6d4fee521798f4

            Download Submit

          • memory/1832-4-0x0000000000BC0000-0x0000000000BE8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1832-7-0x0000000000BC0000-0x0000000000BE8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/5092-0-0x0000000000400000-0x0000000000428000-memory.dmp

            Filesize

            160KB

            Download

          • memory/5092-6-0x0000000000400000-0x0000000000428000-memory.dmp

            Filesize

            160KB

            Download