Overview

overview

8

Static

static

7

7fe16efb09...b1.exe

windows7-x64

8

7fe16efb09...b1.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    30-06-2024 15:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7fe16efb0990ef8c3ad675d40a9ae800f2a8ea973631caa89bac18e73a1778b1.exe

  • Size

    5.0MB

  • MD5

    dbfc5d7fc5da0a846a3f50a7b42c7b45

  • SHA1

    9d39d4649b8541d3784110d15765cf008e99f014

  • SHA256

    7fe16efb0990ef8c3ad675d40a9ae800f2a8ea973631caa89bac18e73a1778b1

  • SHA512

    1dcff70a8e33c1ccf03c81c6c7ad803030614ab65e0a700b256962d09028d9d73c90d48ab4fb80ee58d8fab2ee954774520b8bd22352c18c0cd82f72b4ba02ba

  • SSDEEP

    98304:GBT7X6fsUaOr9yx2ho9jAjksc7a5o0KSB4eoznxFVuy:YTL1Uaa+ioZpG0S4z

Score
8/10
upxvmprotect

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7fe16efb0990ef8c3ad675d40a9ae800f2a8ea973631caa89bac18e73a1778b1.exe
    "C:\Users\Admin\AppData\Local\Temp\7fe16efb0990ef8c3ad675d40a9ae800f2a8ea973631caa89bac18e73a1778b1.exe"
    1⤵
    • Drops file in Drivers directory
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2788
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c cacls.exe c:\windows\system32\drivers\etc\hosts /e /t /p everyone:F
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2840
      • C:\Windows\SysWOW64\cacls.exe
        cacls.exe c:\windows\system32\drivers\etc\hosts /e /t /p everyone:F
        3⤵
          PID:2812

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \??\c:\windows\system32\drivers\etc\hosts
      Filesize

      732B

      MD5

      a10c96ee18298bda150c23034adb223a

      SHA1

      b117771cd2ccf45319ea915ad903a82e454b923b

      SHA256

      144e11750b729a052d232218bc0c22aa2e6a31fc43e161d8f9e257066f5de5d6

      SHA512

      1eb27def48b0f57b53c34e88f294842fb4c970a81e7ad55e7bfa718a98bc0792a5e23eaeaa250dc126d12ae2d39c3fffaaffd6eba3c65d11fd31a359bf6fc61d

      Download Submit
    • memory/2788-41-0x0000000000400000-0x0000000000E1B000-memory.dmp
      Filesize

      10.1MB

      Download
    • memory/2788-2-0x00000000001D0000-0x00000000001D1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2788-5-0x00000000001E0000-0x00000000001E1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2788-7-0x00000000001E0000-0x00000000001E1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2788-9-0x00000000001E0000-0x00000000001E1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2788-12-0x0000000000280000-0x0000000000281000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2788-14-0x0000000000280000-0x0000000000281000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2788-17-0x0000000000290000-0x0000000000291000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2788-19-0x0000000000290000-0x0000000000291000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2788-24-0x00000000002A0000-0x00000000002A1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2788-45-0x0000000000400000-0x0000000000E1B000-memory.dmp
      Filesize

      10.1MB

      Download
    • memory/2788-0-0x00000000001D0000-0x00000000001D1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2788-36-0x00000000006AD000-0x0000000000922000-memory.dmp
      Filesize

      2.5MB

      Download
    • memory/2788-42-0x0000000000400000-0x0000000000E1B000-memory.dmp
      Filesize

      10.1MB

      Download
    • memory/2788-39-0x0000000010000000-0x0000000010018000-memory.dmp
      Filesize

      96KB

      Download
    • memory/2788-34-0x00000000003C0000-0x00000000003C1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2788-32-0x00000000003C0000-0x00000000003C1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2788-30-0x00000000003C0000-0x00000000003C1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2788-29-0x00000000002B0000-0x00000000002B1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2788-27-0x00000000002B0000-0x00000000002B1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2788-22-0x00000000002A0000-0x00000000002A1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2788-4-0x00000000001D0000-0x00000000001D1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2788-44-0x00000000006AD000-0x0000000000922000-memory.dmp
      Filesize

      2.5MB

      Download
    • memory/2788-35-0x0000000000400000-0x0000000000E1B000-memory.dmp
      Filesize

      10.1MB

      Download