Analysis

  • max time kernel
    41s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/12/2022, 07:53

General

  • Target

    b973990d3fcd4016c3fc1c6e641ac3ba73a2a0a418ea3685dfaf8cbd5d1c8709.exe

  • Size

    238KB

  • MD5

    632aae578b0842d2de11b0a2f90b4c5a

  • SHA1

    59bd5d341fb0222bafba542f21716b60948d696e

  • SHA256

    b973990d3fcd4016c3fc1c6e641ac3ba73a2a0a418ea3685dfaf8cbd5d1c8709

  • SHA512

    331cb3906d5c4414c3c10c6163993c30691d24afcfd37aa31cf65fc58871b7b434d4e94ae9a896e7ce7eaed68b2aaf4a10d6424c865e86d4aae90cf42c83d480

  • SSDEEP

    6144:Q4IUURvX5RnGxlbRsK9wfT053bq1xKD3r/Vs/:QNUAxRGkoJqvKDb/O

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b973990d3fcd4016c3fc1c6e641ac3ba73a2a0a418ea3685dfaf8cbd5d1c8709.exe
    "C:\Users\Admin\AppData\Local\Temp\b973990d3fcd4016c3fc1c6e641ac3ba73a2a0a418ea3685dfaf8cbd5d1c8709.exe"
    (process tree level 1)
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1692
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 188
      (process tree level 2, child of PID 1692)
      • Program crash
      PID:1284

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1692-56-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

  • memory/1692-58-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB