Analysis

  • max time kernel
    43s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64 arch:x86 image:win7-20220901-en locale:en-us os:windows7-x64 system
  • submitted
    29/11/2022, 07:10

General

  • Target

    916c3c52c3442ab1f8de312466894b5a3c880072a17249c9e86e461fe3758a96.exe

  • Size

    358KB

  • MD5

    a60e7bf353ef320cb8f8082c09e136fc

  • SHA1

    ff280b2519b6c30f7a0ad48af9922bd510d8f172

  • SHA256

    916c3c52c3442ab1f8de312466894b5a3c880072a17249c9e86e461fe3758a96

  • SHA512

    c0d0d2e3e9a38f5fb662e8befe22817bc973b8ea527c76282c08c5521c42146dd306d3df603fced9fdd5fc986a4b52d65b1f529d3c68163a081e72cc6379753e

  • SSDEEP

    6144:GyTYVd5dCC0E8zTSNwpLDPQhmm1rEkosSHwoSFbSK2C6uSl3:GysV57hriRPQwDQoSFbH2OSl3

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\916c3c52c3442ab1f8de312466894b5a3c880072a17249c9e86e461fe3758a96.exe
    "C:\Users\Admin\AppData\Local\Temp\916c3c52c3442ab1f8de312466894b5a3c880072a17249c9e86e461fe3758a96.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1200
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 184
      2⤵
      • Program crash
      PID:1100

Network

        MITRE ATT&CK Matrix

        Downloads

        • memory/1200-54-0x0000000075AC1000-0x0000000075AC3000-memory.dmp

          Filesize

          8KB

        • memory/1200-56-0x0000000000400000-0x00000000008D6000-memory.dmp

          Filesize

          4.8MB
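Two facts on this page can be re-checked offline from the PE headers before trusting the verdict: the UPX section names behind the "UPX packed file" signature, and the 358KB file that maps to a 4.8MB image (0x400000-0x8D6000, i.e. ImageBase plus SizeOfImage) in the second memory dump. The Python below is an added example, not part of the sandbox report or its tooling. It uses only the standard library, reads the section table and optional header at their documented PE/COFF offsets, compares a file's hashes against the digests listed under General, and self-tests on a synthetic PE built by `build_test_pe`, which is constructed in the script and is not the analysed sample.

```python
"""Offline PE checks for the report's two packing indicators. Added example,
not the sandbox's own code; the test PE below is synthetic."""
import hashlib
import struct
import sys

PE_SIGNATURE_OFFSET = 0x3C    # e_lfanew in the DOS header
SECTION_HEADER_SIZE = 40

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "a60e7bf353ef320cb8f8082c09e136fc",
    "sha1": "ff280b2519b6c30f7a0ad48af9922bd510d8f172",
    "sha256": "916c3c52c3442ab1f8de312466894b5a3c880072a17249c9e86e461fe3758a96",
}


def _optional_header_offset(data: bytes) -> int:
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, PE_SIGNATURE_OFFSET)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    return e_lfanew + 4 + 20  # skip "PE\0\0" and the 20-byte COFF file header


def pe_sections(data: bytes):
    """Return (name, VirtualSize, VirtualAddress, SizeOfRawData) per section."""
    opt = _optional_header_offset(data)
    nsections = struct.unpack_from("<H", data, opt - 20 + 2)[0]   # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, opt - 20 + 16)[0]   # COFF SizeOfOptionalHeader
    table = opt + opt_size
    out = []
    for i in range(nsections):
        name, vsize, vaddr, raw = struct.unpack_from("<8sIII", data, table + i * SECTION_HEADER_SIZE)
        out.append((name.rstrip(b"\0").decode("latin-1"), vsize, vaddr, raw))
    return out


def image_base_and_size(data: bytes):
    """ImageBase and SizeOfImage; SizeOfImage is at +56 in both PE32 and PE32+."""
    opt = _optional_header_offset(data)
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                   # PE32
        base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:                                 # PE32+
        base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    return base, struct.unpack_from("<I", data, opt + 56)[0]


def packing_report(data: bytes) -> dict:
    """Flag UPX by section name and by the on-disk size vs in-memory size gap."""
    secs = pe_sections(data)
    base, size_of_image = image_base_and_size(data)
    upx = [s[0] for s in secs if s[0].upper().startswith("UPX")]
    # UPX0 is the decompression target: zero bytes on disk, large virtual size.
    zero_raw = [s[0] for s in secs if s[3] == 0 and s[1] > 0]
    return {
        "sections": [s[0] for s in secs],
        "upx_sections": upx,
        "zero_raw_sections": zero_raw,
        "likely_upx": bool(upx),
        "image_base": base,
        "size_of_image": size_of_image,
        "image_end": base + size_of_image,   # compare with the report's dump range
        "file_size": len(data),
        "expansion_ratio": size_of_image / len(data),
    }


def file_hashes(data: bytes) -> dict:
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    got = file_hashes(data)
    return all(got[algo] == digest.lower() for algo, digest in expected.items())


def build_test_pe(section_names, size_of_image: int, file_size: int) -> bytes:
    """Synthetic minimal PE32 for the self-test (constructed here, not the sample)."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (PE_SIGNATURE_OFFSET - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt = bytearray(224)                                 # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<I", opt, 28, 0x400000)            # ImageBase, as in the report's dump
    struct.pack_into("<I", opt, 56, size_of_image)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), 0x100000, 0x1000 * (i + 1),
                    0 if n == "UPX0" else 0x1000, 0x400, 0, 0, 0, 0, 0xE0000040)
        for i, n in enumerate(section_names))
    return (dos + b"PE\0\0" + coff + bytes(opt) + sections).ljust(file_size, b"\0")


if __name__ == "__main__":
    blob = (open(sys.argv[1], "rb").read() if len(sys.argv) > 1
            else build_test_pe(["UPX0", "UPX1", ".rsrc"], 0x4D6000, 358 * 1024))
    print("matches report hashes:", matches_report(blob))
    for key, value in packing_report(blob).items():
        print(key, value)
```

Run it with the sample's path to confirm the hashes and see whether `image_end` lands on the report's 0x8D6000 dump boundary; without an argument it runs on the synthetic PE. Section names are the weakest of the three indicators, since a modified UPX build can rename them; the zero-raw-size section and the size gap between file and image survive that, and the 4.8MB dump on this page is the unpacked image itself, which is what you would carve for static analysis.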