Analysis

  • max time kernel
    92s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/09/2024, 18:10

General

  • Target

    94754cefc063f4714ff41d4159837cf0N.exe

  • Size

    678KB

  • MD5

    94754cefc063f4714ff41d4159837cf0

  • SHA1

    0415810fd50ea45e09958389eec8823c469d5523

  • SHA256

    1f4ba905eea3da2b39b4a3effaeca8a737d325a474ac41bf5d81e70633916b2c

  • SHA512

    15c252a4d3fe8516e67a60c23659ddfbc35f06063e51cf2993c5777a41bd48923c6a16458af29aa11295e3aa43ca6327eb03926ef99484f9a431a4d0e4bfce08

  • SSDEEP

    12288:7tKe6Zv23YLVFhBsC8iFHs+hsuQXIQRUP/g8t55VGGWEs4UE0LP:v6Zv2ivhBVnFvh5Q44UP48eEDUE0LP

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 6 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 12 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\94754cefc063f4714ff41d4159837cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\94754cefc063f4714ff41d4159837cf0N.exe"
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies system executable filetype association
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2532
    • C:\Windows\spoolsv.exe
      C:\Windows\spoolsv.exe
      2⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:2700

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\concp32.exe

    Filesize

    684KB

    MD5

    0ec499c8944fab962a1780eb01aa02ab

    SHA1

    03d39dc07deb562f6cdac9191c9180620408aeba

    SHA256

    5033920abf84fe6ff36f2eda1d8a3555251c45ee48a750d16c467d064620a86f

    SHA512

    a6925aefad4d3b855507c16d9498ec11c168d2892522f81d0d9e459dd6fdebda24dd857279e6006ad831afd832120b9738bf23da3b274b20f979d4b43f1cf594

  • C:\Windows\spoolsv.exe

    Filesize

    681KB

    MD5

    80835a6aea9721babbabf28567599924

    SHA1

    c19f8d4e7ce5d9661f51825f63bbb6d93dec9815

    SHA256

    015c228de0347a6600a0b82c21896f31d91ab52fe9d3f0b7f9d6a8f96a17c9b4

    SHA512

    3b01ef7f6ad1cad1be7cd8c33d7f1a36b79ac2be919e83123d9031057d17a727f6950697e0672b66c5f4950d9a0f891e7ef8e279eec6e4e8c4509f5eb74553c6

  • memory/2532-0-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

  • memory/2532-13-0x00000000002D0000-0x0000000000309000-memory.dmp

    Filesize

    228KB

  • memory/2532-15-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

  • memory/2700-16-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

  • memory/2700-17-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB