Overview

overview

8

Static

static

f628039099...30.exe

windows7-x64

8

f628039099...30.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    171s
  • max time network
    222s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-12-2022 02:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f62803909949f5b7fb5423ae9d13eca36d4dd697266e89d9ee316a5b43432930.exe

  • Size

    125KB

  • MD5

    7d23338c286e01e10bfae7e253edd043

  • SHA1

    3187595fdda6172f962000c1ee2d8e3caa961561

  • SHA256

    f62803909949f5b7fb5423ae9d13eca36d4dd697266e89d9ee316a5b43432930

  • SHA512

    a3be806b2cbf9327e1017a3dce327fd6de9c314a2b25f94e02852cd242a1a37c0ad37d989456cd08f4c764d6576c762f1ca1d0daf77b920be2ce69fefca748e3

  • SSDEEP

    3072:HExnQVo6RxSITNCzXfQg/trv0CyS8kfEk694R:HE+Vo6kzXfQatrcSD69G

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetThreadContext 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1036
      • C:\Users\Admin\AppData\Local\Temp\f62803909949f5b7fb5423ae9d13eca36d4dd697266e89d9ee316a5b43432930.exe
        "C:\Users\Admin\AppData\Local\Temp\f62803909949f5b7fb5423ae9d13eca36d4dd697266e89d9ee316a5b43432930.exe"
        2⤵
        • Suspicious use of SetThreadContext
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:880
        • C:\Users\Admin\AppData\Local\Temp\f62803909949f5b7fb5423ae9d13eca36d4dd697266e89d9ee316a5b43432930.exe
          C:\Users\Admin\AppData\Local\Temp\f62803909949f5b7fb5423ae9d13eca36d4dd697266e89d9ee316a5b43432930.exe
          3⤵
          • Suspicious use of SetThreadContext
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:600
          • C:\Users\Admin\AppData\Local\Temp\f62803909949f5b7fb5423ae9d13eca36d4dd697266e89d9ee316a5b43432930.exe
            "C:\Users\Admin\AppData\Local\Temp\f62803909949f5b7fb5423ae9d13eca36d4dd697266e89d9ee316a5b43432930.exe"
            4⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:3640

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/0-144-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/600-134-0x0000000000000000-mapping.dmp

      Download

    • memory/600-135-0x0000000000400000-0x000000000043C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/600-137-0x0000000000400000-0x000000000043C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/600-138-0x0000000000400000-0x000000000043C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/600-141-0x0000000000400000-0x000000000043C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/600-146-0x0000000000400000-0x000000000043C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1036-148-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

      Filesize

      28KB

      Download

    • memory/3640-143-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/3640-142-0x0000000000000000-mapping.dmp

      Download

    • memory/3640-147-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/3640-149-0x0000000010000000-0x0000000010013000-memory.dmp

      Filesize

      76KB

      Download