Analysis

  • max time kernel
    120s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags
    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/11/2024, 12:50

General

  • Target

    0b7009257cfcbf436b31d6959ef289f9bb6b6d28d9711d5c04d5c6dc684b7609.exe

  • Size

    423KB

  • MD5

    c86f7e509f2b749025be878cb00ab68b

  • SHA1

    515792c39a0be224619531d19df4f132778f83d9

  • SHA256

    0b7009257cfcbf436b31d6959ef289f9bb6b6d28d9711d5c04d5c6dc684b7609

  • SHA512

    ebacbec1c6512553ba783971ae583ddf086e91c777b229f134b5b16d7dfa226a871c04786edc6bfec43c525f10cd62fb2efd800c23e434740efa54c97a85fa85

  • SSDEEP

    12288:47KAnqKJIUADVGBRZJrBFGcyh5SQ2usfvecpwr:47KAnqKJIUABGBRbBFGcyh5S1usfvecu

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b7009257cfcbf436b31d6959ef289f9bb6b6d28d9711d5c04d5c6dc684b7609.exe
    "C:\Users\Admin\AppData\Local\Temp\0b7009257cfcbf436b31d6959ef289f9bb6b6d28d9711d5c04d5c6dc684b7609.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2268
    • C:\Users\Admin\AppData\Local\Temp\Sysceaminanv.exe
      "C:\Users\Admin\AppData\Local\Temp\Sysceaminanv.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2904

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\cpath.ini

    Filesize

    102B

    MD5

    2c07b4bcb0c1bb1a7837feaea994d001

    SHA1

    289e31c92fee7d6c8c3ec5b3c4655b32011ccdb2

    SHA256

    67b1df13f9dfe55aad93a28575a52baa54a4250ace62f019dd9a9bd308b92d2b

    SHA512

    6b55ac2618448c1ce01a2686bf5e089de96d8d2420164368714b83fd9a246d95aeb97c84e9c987712d4ccd202d2aacc2e2aabe00589371a9a17d5428a664261f

  • \Users\Admin\AppData\Local\Temp\Sysceaminanv.exe

    Filesize

    423KB

    MD5

    0e44f9882f909ed9b979e77896226373

    SHA1

    952a966cfdf42a9f5fb9492da513c39e87b01f6a

    SHA256

    77d55db4cbb8194cb1d5b4a691ee7df152d392d412c2be115d865ee32891d357

    SHA512

    690cb6f2cd04e9143e89660325e2a7fd1bc7b9645dc1abcc9d87e202f1648bd4f909bc96b0db4053902e7d802bf8588d59b8a4b59cd45735cab945a147afcada

  • memory/2268-0-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

  • memory/2268-17-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

  • memory/2268-20-0x0000000003890000-0x00000000038FC000-memory.dmp

    Filesize

    432KB

  • memory/2268-22-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

  • memory/2904-18-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

  • memory/2904-23-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB