Overview

overview

10

Static

static

5

ce3fbe9a37...a3.exe

windows7-x64

10

ce3fbe9a37...a3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    18-10-2024 03:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ce3fbe9a37248ae08f2a265b3a3009710218f33562821bc74a1df16234d07fa3.exe

  • Size

    298KB

  • MD5

    5d4b953b615532bd409ad02d244d5272

  • SHA1

    224f0aee775a2ea8ac92d546e7dde4d4d0534a4c

  • SHA256

    ce3fbe9a37248ae08f2a265b3a3009710218f33562821bc74a1df16234d07fa3

  • SHA512

    d17902df2282ac16952a1405d2a9ccb4a59cd40cb21eed8922d1a8a7549b434d0704cf625a3e6f8a5e2b3ab936db7e9b0a5a0bf2e2b87cc393d2a3753d9c2fe6

  • SSDEEP

    6144:EuIlWqB+ihabs7Ch9KwyF5LeLodp2D1Mmakda0qLqIY8:v6Wq4aaE6KwyF5L0Y2D1PqLP

Score
10/10
discoveryevasionupx

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • AutoIT Executable 17 IoCs

    AutoIT scripts compiled to PE executables.

  • UPX packed file 20 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ce3fbe9a37248ae08f2a265b3a3009710218f33562821bc74a1df16234d07fa3.exe
    "C:\Users\Admin\AppData\Local\Temp\ce3fbe9a37248ae08f2a265b3a3009710218f33562821bc74a1df16234d07fa3.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\Windows\svhost.exe
      C:\Windows\svhost.exe
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2704

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Documents and Settings.exe
    Filesize

    298KB

    MD5

    75323ceac53a577feddd9cc63e9a9c53

    SHA1

    4f1686a8239717f352931a755d007cb08d322340

    SHA256

    1c8568cd33cb61800b91b5bf8fd237404e4039ebf6bf4e38696d1d73fd581f4c

    SHA512

    3bc2346004182ebcea82b1c038d50d8a188556b27a9f65128d4feef07ba90b66aefe890762f33640cce76b4680b53ac1c16e027488a222b679b08c2bfc3a5561

    Download Submit

  • C:\Windows\Driver.db
    Filesize

    82B

    MD5

    c2d2dc50dca8a2bfdc8e2d59dfa5796d

    SHA1

    7a6150fc53244e28d1bcea437c0c9d276c41ccad

    SHA256

    b2d38b3f122cfcf3cecabf0dfe2ab9c4182416d6961ae43f1eebee489cf3c960

    SHA512

    6cfdd08729de9ee9d1f5d8fcd859144d32ddc0a9e7074202a7d03d3795bdf0027a074a6aa54f451d4166024c134b27c55c7142170e64d979d86c13801f937ce4

    Download Submit

  • C:\Windows\svhost.exe
    Filesize

    298KB

    MD5

    a64ef4e0d6832429af07d76b80ef11c4

    SHA1

    888517ae1693473a0448a64ba61b6487f18dd644

    SHA256

    fa9b5d1c4ec0de2d1e67a36f3ab257e18a5f9d0bc1c4266b87780001328b1460

    SHA512

    977eb1d82db68a3496fb41672bcdd814f43fcb8784d9638b24ba6e0a641a7aec97c8146669f01bc8628bb8113533e4f9c9651c9c7f29f3f3e6902b1fa2558556

    Download Submit

  • memory/2704-3444-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download

  • memory/2704-5737-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download

  • memory/2704-7-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download

  • memory/2704-15946-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download

  • memory/2704-1037-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download

  • memory/2704-1149-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download

  • memory/2704-2292-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download

  • memory/2704-14795-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download

  • memory/2704-4587-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download

  • memory/2704-13653-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download

  • memory/2704-6885-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download

  • memory/2704-8029-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download

  • memory/2704-9061-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download

  • memory/2704-10212-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download

  • memory/2704-11357-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download

  • memory/2704-12503-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download

  • memory/2792-5-0x0000000003D60000-0x0000000003E22000-memory.dmp

    Filesize

    776KB

    Download

  • memory/2792-0-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download

  • memory/2792-804-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download