Overview

overview

10

Static

static

10

TimerResolution.exe

windows7-x64

7

TimerResolution.exe

windows10-2004-x64

8

Resubmissions

26-10-2024 11:39

241026-nsl9fsvejr 10

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    26-10-2024 11:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TimerResolution.exe

  • Size

    7.5MB

  • MD5

    663415fd13b6b22a935aa94b2c15c0f1

  • SHA1

    59c87936ad8695f2a3c149ea47983c435b5bd3ff

  • SHA256

    0cdc1ffc8c58f4944c1aadb096dfdb17163a1059ad3218e54296c0b6e3c28de4

  • SHA512

    7bfc8234b2818c4dd7ccd514598a0a183a7f0825c1924df198a7bc6130e561649f935bfbff45552bf3677d504cee89e71707e68c8e72ca5ae62177369449450b

  • SSDEEP

    196608:MHunqZoF4wfI9jUC2XMvH8zPjweaBpZ0cX2ooccXK7oSp:VfnIH2XgHq+jq93YoY

Score
7/10
discoveryupx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TimerResolution.exe
    "C:\Users\Admin\AppData\Local\Temp\TimerResolution.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2140
    • C:\Users\Admin\AppData\Local\Temp\TimerResolution.exe
      "C:\Users\Admin\AppData\Local\Temp\TimerResolution.exe"
      2⤵
      • Loads dropped DLL
      PID:2324
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2864
    • C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE
      "C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE" C:\Users\Admin\Downloads\RedoRepair.pub
      1⤵
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2692
      • C:\Windows\splwow64.exe
        C:\Windows\splwow64.exe 12288
        2⤵
          PID:1860

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\_MEI21402\python312.dll
        Filesize

        1.7MB

        MD5

        2996cbf9598eb07a64d66d4c3aba4b10

        SHA1

        ac176ab53cdef472770d27a38db5bd6eb71a5627

        SHA256

        feba57a74856dedb9d9734d12c640ca7f808ead2db1e76a0f2bcf1e4561cd03f

        SHA512

        667e117683d94ae13e15168c477800f1cd8d840e316890ec6f41a6e4cefd608536655f3f6d7065c51c6b1b8e60dd19aa44da3f9e8a70b94161fd7dc3abf5726c

        Download Submit

      • memory/2324-24-0x000007FEF56C0000-0x000007FEF5D82000-memory.dmp

        Filesize

        6.8MB

        Download

      • memory/2692-46-0x000000005FFF0000-0x0000000060000000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2692-47-0x000000007344D000-0x0000000073458000-memory.dmp

        Filesize

        44KB

        Download

      • memory/2692-49-0x000000005FFF0000-0x0000000060000000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2692-50-0x000000007344D000-0x0000000073458000-memory.dmp

        Filesize

        44KB

        Download