Overview

overview

8

Static

static

bef78a640f...d6.exe

windows7-x64

8

bef78a640f...d6.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    144s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    20-10-2022 16:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bef78a640f58757897f8889e956bf738d8e91ebb85590081173211a8a53553d6.exe

  • Size

    96KB

  • MD5

    96d801d8041f11449403e5883c0820f9

  • SHA1

    667e59cb19745b91a0cf0458f30693f7727c45c4

  • SHA256

    bef78a640f58757897f8889e956bf738d8e91ebb85590081173211a8a53553d6

  • SHA512

    b3daa69d6838f7ee6f27e9c27fdd975328dda1a120ff25ff109b7a300dfb1223ae23dd9d4148aaa335a8ade60700132b9fe2eb4f8544f81ab64f4d535f87a838

  • SSDEEP

    1536:n46h0hhDf4LHQAbNVU2e0NahTdot5sAOsP0mn+feZYQ5rO6Yu7Qg7JWvSaaO:q7DfM5VU2e0NahOQsF+vNNgVWl

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bef78a640f58757897f8889e956bf738d8e91ebb85590081173211a8a53553d6.exe
    "C:\Users\Admin\AppData\Local\Temp\bef78a640f58757897f8889e956bf738d8e91ebb85590081173211a8a53553d6.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:832
    • C:\Users\Admin\AppData\Local\Temp\bef78a640f58757897f8889e956bf738d8e91ebb85590081173211a8a53553d6.exe
      C:\Users\Admin\AppData\Local\Temp\bef78a640f58757897f8889e956bf738d8e91ebb85590081173211a8a53553d6.exe
      2⤵
        PID:1260

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/832-59-0x00000000001E0000-0x00000000001E4000-memory.dmp

      Filesize

      16KB

      Download

    • memory/832-54-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1260-57-0x0000000000400000-0x0000000002728000-memory.dmp

      Filesize

      35.2MB

      Download

    • memory/1260-58-0x0000000000400000-0x0000000002728000-memory.dmp

      Filesize

      35.2MB

      Download

    • memory/1260-61-0x0000000000400000-0x0000000002728000-memory.dmp

      Filesize

      35.2MB

      Download

    • memory/1260-55-0x00000000001B0000-0x00000000002AA000-memory.dmp

      Filesize

      1000KB

      Download

    • memory/1260-62-0x0000000000400000-0x0000000002728000-memory.dmp

      Filesize

      35.2MB

      Download

    • memory/1260-66-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1260-65-0x0000000000400000-0x0000000002728000-memory.dmp

      Filesize

      35.2MB

      Download

    • memory/1260-67-0x0000000000400000-0x0000000002728000-memory.dmp

      Filesize

      35.2MB

      Download

    • memory/1260-68-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1260-69-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download