Overview

overview

10

Static

static

570321d979...1d.exe

windows7-x64

8

570321d979...1d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20220715-en
  • resource tags

    arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
  • submitted
    25-07-2022 01:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    570321d979893375deffe324e302d88b9fa671a0c0e810543c3547bb7e1db71d.exe

  • Size

    83KB

  • MD5

    39dcf8ea627a41ea51504705a177b6d3

  • SHA1

    1136a5f168767f7653f7ea880e67137c548b5dd7

  • SHA256

    570321d979893375deffe324e302d88b9fa671a0c0e810543c3547bb7e1db71d

  • SHA512

    6c25c1adec7852fa34e76e716f6b70d45673500c1e651b723bdeedd8a9b23376ac32133a61c238f12276d64bc5686535d591c351bf74e98eb18a51075e97ed12

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 10 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\570321d979893375deffe324e302d88b9fa671a0c0e810543c3547bb7e1db71d.exe
    "C:\Users\Admin\AppData\Local\Temp\570321d979893375deffe324e302d88b9fa671a0c0e810543c3547bb7e1db71d.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1932
    • C:\Users\Admin\AppData\Local\Temp\570321d979893375deffe324e302d88b9fa671a0c0e810543c3547bb7e1db71d.exe
      C:\Users\Admin\AppData\Local\Temp\570321d979893375deffe324e302d88b9fa671a0c0e810543c3547bb7e1db71d.exe
      2⤵
        PID:1832

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1832-65-0x0000000000407640-mapping.dmp
      Download
    • memory/1832-64-0x0000000000400000-0x0000000000784000-memory.dmp
      Filesize

      3.5MB

      Download
    • memory/1832-56-0x0000000000400000-0x0000000000784000-memory.dmp
      Filesize

      3.5MB

      Download
    • memory/1832-71-0x0000000000400000-0x0000000000409000-memory.dmp
      Filesize

      36KB

      Download
    • memory/1832-57-0x0000000000400000-0x0000000000784000-memory.dmp
      Filesize

      3.5MB

      Download
    • memory/1832-60-0x0000000000400000-0x0000000000784000-memory.dmp
      Filesize

      3.5MB

      Download
    • memory/1832-55-0x0000000000300000-0x0000000000400000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/1832-63-0x0000000000400000-0x0000000000784000-memory.dmp
      Filesize

      3.5MB

      Download
    • memory/1832-61-0x0000000000400000-0x0000000000784000-memory.dmp
      Filesize

      3.5MB

      Download
    • memory/1832-70-0x0000000000400000-0x0000000000409000-memory.dmp
      Filesize

      36KB

      Download
    • memory/1832-67-0x0000000000400000-0x0000000000784000-memory.dmp
      Filesize

      3.5MB

      Download
    • memory/1832-68-0x0000000000400000-0x0000000000409000-memory.dmp
      Filesize

      36KB

      Download
    • memory/1832-69-0x0000000000400000-0x0000000000784000-memory.dmp
      Filesize

      3.5MB

      Download
    • memory/1932-54-0x0000000076281000-0x0000000076283000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1932-58-0x00000000003D0000-0x00000000003D5000-memory.dmp
      Filesize

      20KB

      Download