Overview

overview

8

Static

static

8

864a654f9f...f3.exe

windows7-x64

8

864a654f9f...f3.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    93s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-10-2022 14:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    864a654f9f4cf1b123a71a7319b4cf3189977b5745d0d1f72796bca80b9b99f3.exe

  • Size

    150KB

  • MD5

    7af62f59078c25fc83a0101cf619deed

  • SHA1

    5d022bde86071f48f0fd3017474a8752de4de466

  • SHA256

    864a654f9f4cf1b123a71a7319b4cf3189977b5745d0d1f72796bca80b9b99f3

  • SHA512

    2a1ae7b967bef33cf843ce5b715701a80295add5295c9c94f72c7166e4b987f29b438dae6b40da448d99f1ab6a4a89001a35fb3fbc77bedfc9d57d98df93ddb3

  • SSDEEP

    3072:wDCuZBe4kQZbXQRH2mlj7ud7s01Dx+pjH9F5:wDCL45Zb2WW6dY0Jx+ZX

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\864a654f9f4cf1b123a71a7319b4cf3189977b5745d0d1f72796bca80b9b99f3.exe
    "C:\Users\Admin\AppData\Local\Temp\864a654f9f4cf1b123a71a7319b4cf3189977b5745d0d1f72796bca80b9b99f3.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4648
    • C:\Windows\apocalyps32.exe
      -bs
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:4624
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        3⤵
          PID:4888

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\apocalyps32.exe
      Filesize

      150KB

      MD5

      7af62f59078c25fc83a0101cf619deed

      SHA1

      5d022bde86071f48f0fd3017474a8752de4de466

      SHA256

      864a654f9f4cf1b123a71a7319b4cf3189977b5745d0d1f72796bca80b9b99f3

      SHA512

      2a1ae7b967bef33cf843ce5b715701a80295add5295c9c94f72c7166e4b987f29b438dae6b40da448d99f1ab6a4a89001a35fb3fbc77bedfc9d57d98df93ddb3

      Download Submit

    • C:\Windows\apocalyps32.exe
      Filesize

      150KB

      MD5

      7af62f59078c25fc83a0101cf619deed

      SHA1

      5d022bde86071f48f0fd3017474a8752de4de466

      SHA256

      864a654f9f4cf1b123a71a7319b4cf3189977b5745d0d1f72796bca80b9b99f3

      SHA512

      2a1ae7b967bef33cf843ce5b715701a80295add5295c9c94f72c7166e4b987f29b438dae6b40da448d99f1ab6a4a89001a35fb3fbc77bedfc9d57d98df93ddb3

      Download Submit

    • memory/4624-137-0x0000000000400000-0x0000000000427000-memory.dmp

      Filesize

      156KB

      Download

    • memory/4624-139-0x0000000040010000-0x000000004004C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/4624-142-0x0000000000400000-0x0000000000427000-memory.dmp

      Filesize

      156KB

      Download

    • memory/4648-132-0x0000000000400000-0x0000000000427000-memory.dmp

      Filesize

      156KB

      Download

    • memory/4648-136-0x0000000000400000-0x0000000000427000-memory.dmp

      Filesize

      156KB

      Download