Overview

overview

8

Static

static

8

1f295760d8...b6.exe

windows7-x64

8

1f295760d8...b6.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    45s
  • max time network
    51s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 11:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1f295760d8ef1f5c0b26ac411eadd44e03c9aa1daf0dbe67bfe7242e2fc040b6.exe

  • Size

    91KB

  • MD5

    417dfc52b2f5dae67db78afa029b81f0

  • SHA1

    9137b360017b2d8683c8666528de373c38d39a02

  • SHA256

    1f295760d8ef1f5c0b26ac411eadd44e03c9aa1daf0dbe67bfe7242e2fc040b6

  • SHA512

    9c18f54dc9663607843216852d1ca924882194afb7519246a08007a22e3e838c38d316e7b26f9f30a33e25a25d51d2b0d192c2dd7e22fb4ba5097430c6c3fb00

  • SSDEEP

    1536:LvXDaN1GEgX0lzsTsfdmr+QL16eUQ3HePuc2CzbziinFwaH8rWng3lnXV84rerxw:zDCcfX0lICdmbLItvZainF5HZg3lXa48

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1208
      • C:\Users\Admin\AppData\Local\Temp\1f295760d8ef1f5c0b26ac411eadd44e03c9aa1daf0dbe67bfe7242e2fc040b6.exe
        "C:\Users\Admin\AppData\Local\Temp\1f295760d8ef1f5c0b26ac411eadd44e03c9aa1daf0dbe67bfe7242e2fc040b6.exe"
        2⤵
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:1324

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1208-56-0x0000000002470000-0x000000000247C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/1208-59-0x0000000002470000-0x000000000247C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/1324-54-0x0000000000400000-0x0000000000432000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1324-55-0x0000000000020000-0x0000000000030000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1324-57-0x0000000000230000-0x000000000024A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/1324-61-0x0000000000400000-0x0000000000418000-memory.dmp

      Filesize

      96KB

      Download