Overview

overview

10

Static

static

8

61355aa34d...e0.exe

windows7-x64

10

61355aa34d...e0.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    3s
  • max time network
    27s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-10-2022 08:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    61355aa34d9454f597770e7bd8fdfe93fe71a2edc663853b4e1a862268a3bee0.exe

  • Size

    255KB

  • MD5

    d1dd2cf7a5d0dd9ef6f0fa84c9c7a635

  • SHA1

    2ce8f163dc431940a3455a38d1e66acbfa247a7b

  • SHA256

    61355aa34d9454f597770e7bd8fdfe93fe71a2edc663853b4e1a862268a3bee0

  • SHA512

    63a4db03256fb326da8e3453e24fb16181fbfd097bef30dd97da47e0cb1379093f3ff904ce9dae4eb8d60dfda0897cd454df2fb554aaaf06992bffe195139542

  • SSDEEP

    3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJz:1xlZam+akqx6YQJXcNlEHUIQeE3mmBI0

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 14 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx

Processes

  • C:\Users\Admin\AppData\Local\Temp\61355aa34d9454f597770e7bd8fdfe93fe71a2edc663853b4e1a862268a3bee0.exe
    "C:\Users\Admin\AppData\Local\Temp\61355aa34d9454f597770e7bd8fdfe93fe71a2edc663853b4e1a862268a3bee0.exe"
    1⤵
      PID:4764
      • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
        "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Windows\mydoc.rtf" /o ""
        2⤵
          PID:1288
        • C:\Windows\SysWOW64\etobkcaqayckm.exe
          etobkcaqayckm.exe
          2⤵
            PID:4956
          • C:\Windows\SysWOW64\mjongmwg.exe
            mjongmwg.exe
            2⤵
              PID:5032
            • C:\Windows\SysWOW64\bbubpaxabystbjo.exe
              bbubpaxabystbjo.exe
              2⤵
                PID:5028
              • C:\Windows\SysWOW64\vebmjkaiul.exe
                vebmjkaiul.exe
                2⤵
                  PID:3080

              Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Windows\SysWOW64\bbubpaxabystbjo.exe
                Filesize

                29KB

                MD5

                c02173450fbda529892aa145f4660eb9

                SHA1

                92a960ea30bbd658e658649ec4099d4a2d76062b

                SHA256

                08f66fe2adfc699cddba331c272dc1052cf62fb2ffd31d87ef6da294b3940b79

                SHA512

                cad043a0fea0f9d66ba0e407b0c647314922b3fca6a07a40f97b9afeee89481a7549ac6ffa0068fa2b3a1fb602416d91c3f5ec36e185dc9877a620d1d7043da2

                Download Submit

              • C:\Windows\SysWOW64\bbubpaxabystbjo.exe
                Filesize

                21KB

                MD5

                69252febd44f1c29ead120db1e83858b

                SHA1

                54a2d9e117453044f43905ddb7df8e9a0b5cb3f2

                SHA256

                7c654bc514ff5047cecd269a6c6599b84bc7bf88a64d70bb7a5d208dfd61e9c5

                SHA512

                0a120069838da41c967694c5de691a071067211e390a6e5c0989afe9434ff1fa4f3143639994e17b4c1bbf0cae7f73e01231627e67d399352e25d3bce8520965

                Download Submit

              • C:\Windows\SysWOW64\etobkcaqayckm.exe
                Filesize

                29KB

                MD5

                92fea1146ecdbe0a37c2221153a090f7

                SHA1

                dc1c2dfa5cd550dd76c720e917cbaa9a0ed60087

                SHA256

                2a768b6bdb1ca07e08a9feab8d38a11f45be551086b2ae4c2377992ba7329677

                SHA512

                abb00a9468cbd68c72f468ecaa610a66f2b8ed06ab3f53c0bbdfef917c3d85bae242a0f48370a4a912c68c0a4ef20b68b4d34017883c79193d62b35e1041e3e9

                Download Submit

              • C:\Windows\SysWOW64\etobkcaqayckm.exe
                Filesize

                24KB

                MD5

                ee661391a94901ba021ea0c6ee0b5559

                SHA1

                54dcb090ca49e1f075390d1feca6f8dc70ab8020

                SHA256

                ba1edf3b75f2a9d176b1b6db7cc64ec9a179dc041c6d4b3dfb211e50ffa810fe

                SHA512

                e0d95c48c1b45a7a1d1f94c4c2526d5deddaef6cb27de8bafee33636c33c9f3b9b143dc992a0a15367ab523e1180d5cd531448cbd8eaa6ec6ec951c73aa64577

                Download Submit

              • C:\Windows\SysWOW64\mjongmwg.exe
                Filesize

                55KB

                MD5

                9b28f4a78081ed7017195e533ba177b4

                SHA1

                218c18fafa944368c7526d8d4b852022c7c56078

                SHA256

                47bfb5178f91cdf9157b9535fb5e646408034c2cef10d1590cf22b0cd869908b

                SHA512

                873ee48e483347768ea4c6f1c1eead4860a1ff4dfdfae0eb4e93d816d1f50218ee1518871ffabeffdd83b424a92c136b44d05794838d26e4bd8854280c14355e

                Download Submit

              • C:\Windows\SysWOW64\mjongmwg.exe
                Filesize

                44KB

                MD5

                352247b36c1a08ebfd6c01431b8338cd

                SHA1

                1a533a0976005b33b72c36ed402748a4b101124d

                SHA256

                dca533b4a493ae5f6fbf7e1e90cfba93b4bb9b7f7dd150f47a9c1583ec2517ba

                SHA512

                1747d0c573fca610d9dbea2170183a2b465e2bb7263cf04b57b8c83b3071f2cc3c50c67a1c8b171c5c83f6f1f6e3b64ac1a2132351b26dd027e9f281b3b3da43

                Download Submit

              • C:\Windows\SysWOW64\vebmjkaiul.exe
                Filesize

                29KB

                MD5

                fc8dcb79f5b030584b745813ead2e8f1

                SHA1

                a4228dbaec917cdc9cb1d016bae5fbd8276f99b1

                SHA256

                53f6a9d416666910aa1908bfe4366de34dc78db12543996aeaab88bd12fb712c

                SHA512

                e343682ef738b3775f04a6ce5b271fd82d177677a66cded5969562b4197d771122c924b06aa21a879095f7fa1305043c128f4503712e8fe449018b81cc47de5c

                Download Submit

              • C:\Windows\SysWOW64\vebmjkaiul.exe
                Filesize

                18KB

                MD5

                d66c365bdee52017e7433e74e76eb434

                SHA1

                173220d8860a88b65331dcdc68703dd4274f129e

                SHA256

                befb97e47f4307d383848ab79d3d6731dc72c6f22e6bfe03dd1fe1b489b91c34

                SHA512

                eced4a5d224a67163d51a43de5602161478c8966595401db5f6244c38810dcd035eab16704cb211bc233732b389b83646becda7322e55007b758b50e2120c496

                Download Submit

              • memory/3080-140-0x0000000000400000-0x00000000004A0000-memory.dmp

                Filesize

                640KB

                Download

              • memory/4764-136-0x0000000000400000-0x00000000004A0000-memory.dmp

                Filesize

                640KB

                Download

              • memory/4764-147-0x0000000000400000-0x00000000004A0000-memory.dmp

                Filesize

                640KB

                Download

              • memory/4956-150-0x0000000000400000-0x00000000004A0000-memory.dmp

                Filesize

                640KB

                Download

              • memory/5028-148-0x0000000000400000-0x00000000004A0000-memory.dmp

                Filesize

                640KB

                Download

              • memory/5032-149-0x0000000000400000-0x00000000004A0000-memory.dmp

                Filesize

                640KB

                Download