Overview

overview

8

Static

static

ad2ed160dd...71.exe

windows7-x64

8

ad2ed160dd...71.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    140s
  • max time network
    165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 20:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ad2ed160dd6e6a9b6cdbbe23e7de02bae16ff13b462c0dc3cc9223f15cbd1771.exe

  • Size

    2.9MB

  • MD5

    963f8d05c4d610cb90667346cbf868ca

  • SHA1

    ef7c9cfd7804751ebf2afdf34854da7883d06afa

  • SHA256

    ad2ed160dd6e6a9b6cdbbe23e7de02bae16ff13b462c0dc3cc9223f15cbd1771

  • SHA512

    b424223c1bb063bb0927d80c945ff8c1c6b3b48b285a0faa2b93ae3e443e1601c26cf48c3958ddc26a654fb469a9335d1170ed7e38d00df955ab84737b60ee48

  • SSDEEP

    49152:Igna78O353RKnI3V43VFk+s8KuqGaX0ToIBAUZLYu3E:E7R35QCVSVFHJBAUZLdE

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 27 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ad2ed160dd6e6a9b6cdbbe23e7de02bae16ff13b462c0dc3cc9223f15cbd1771.exe
    "C:\Users\Admin\AppData\Local\Temp\ad2ed160dd6e6a9b6cdbbe23e7de02bae16ff13b462c0dc3cc9223f15cbd1771.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4852
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 1292
      2⤵
      • Program crash
      PID:4528
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 1292
      2⤵
      • Program crash
      PID:716
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4852 -ip 4852
    1⤵
      PID:4760
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4852 -ip 4852
      1⤵
        PID:3808

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4852-132-0x0000000000400000-0x0000000000724000-memory.dmp

        Filesize

        3.1MB

        Download

      • memory/4852-133-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4852-135-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4852-136-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4852-137-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4852-138-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4852-140-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4852-142-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4852-144-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4852-146-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4852-148-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4852-151-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4852-153-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4852-155-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4852-157-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4852-159-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4852-161-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4852-163-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4852-167-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4852-165-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4852-169-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4852-171-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4852-173-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4852-175-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4852-177-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4852-179-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4852-180-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4852-181-0x0000000000400000-0x0000000000724000-memory.dmp

        Filesize

        3.1MB

        Download

      • memory/4852-182-0x0000000010000000-0x000000001003D000-memory.dmp

        Filesize

        244KB

        Download