Overview

overview

8

Static

static

8

329009d1bb...01.exe

windows7_x64

8

329009d1bb...01.exe

windows10-2004_x64

8

Analysis

  • max time kernel
    152s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    20-06-2022 06:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    329009d1bb983cd18a393f5bd8eef12c630db241414babb998d96c52e151ed01.exe

  • Size

    457KB

  • MD5

    5bd74b4326c0856b12e380c8e89fa866

  • SHA1

    9a4f5f82ecd275118d2d6bd3ad565e3e2519c1b5

  • SHA256

    329009d1bb983cd18a393f5bd8eef12c630db241414babb998d96c52e151ed01

  • SHA512

    cac848287c56b411258f3a8ba24c51da219662ddc1cea7fad482356f405b27edd41978d00d0674276f61cb6732431723cb41ee28d2375d12c67c3c9b97d247c0

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • AutoIT Executable 2 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\329009d1bb983cd18a393f5bd8eef12c630db241414babb998d96c52e151ed01.exe
    "C:\Users\Admin\AppData\Local\Temp\329009d1bb983cd18a393f5bd8eef12c630db241414babb998d96c52e151ed01.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1672-130-0x00000000008C0000-0x00000000009D5000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1672-131-0x00000000008C0000-0x00000000009D5000-memory.dmp

    Filesize

    1.1MB

    Download