4a1b7614824ecf9503063b8c160840ded11116a27dc0e7d204bd33ccf3f52d1a | Triage

Analysis

max time kernel
43s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
26/09/2022, 02:55

Sharing

Report Analysis Logs

General

Target

4fd138bc5fb9e8b4af8cbdb53ba1b059.exe
Size

1.7MB
MD5

4fd138bc5fb9e8b4af8cbdb53ba1b059
SHA1

a7de4d500b7440797a7b70bc33c025e2067fbd7b
SHA256

4a1b7614824ecf9503063b8c160840ded11116a27dc0e7d204bd33ccf3f52d1a
SHA512

c988e5ff3dd3a1985507ee4e856c299462adb9ff4db3801d9dea64d1af52e4b7fd849eec1826d38a457973c3dbbf2dd4fb32412798b1263bcfd8abceaeb41684
SSDEEP

49152:TiAb15p2jO/Mp/m1T4hCxtgzX36CF36xe:hzcjmK+1T+Cxtkp6xe

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1672-54-0x00000000011F0000-0x000000000172C000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1672	4fd138bc5fb9e8b4af8cbdb53ba1b059.exe

C:\Users\Admin\AppData\Local\Temp\4fd138bc5fb9e8b4af8cbdb53ba1b059.exe
"C:\Users\Admin\AppData\Local\Temp\4fd138bc5fb9e8b4af8cbdb53ba1b059.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1672-54-0x00000000011F0000-0x000000000172C000-memory.dmp

Filesize
5.2MB

Download