Overview

overview

8

Static

static

8

380ffa9405...19.exe

windows7-x64

8

380ffa9405...19.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    05/12/2022, 15:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    380ffa94051aa01819776510269b5cfd4147de2b0b085d50a1d0e88c1e08e819.exe

  • Size

    238KB

  • MD5

    746b458f44f37fc268e9d815a0d544a5

  • SHA1

    6e9c2a4c4f482dff41f63fad55851326b9310487

  • SHA256

    380ffa94051aa01819776510269b5cfd4147de2b0b085d50a1d0e88c1e08e819

  • SHA512

    6ac9f3b1b47f2eb452c896e57020ca56e64ab88a490e133260b6022e3468a9fdfe5df841faee9a77929ae847f863d47e0b2425bd390853a630e0fdcbbeb184ae

  • SSDEEP

    6144:RiBB9gankXFjaGBnN5m+1J8SZfQXL1pBP:RizWjtNs+1J8zXL1pBP

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\380ffa94051aa01819776510269b5cfd4147de2b0b085d50a1d0e88c1e08e819.exe
    "C:\Users\Admin\AppData\Local\Temp\380ffa94051aa01819776510269b5cfd4147de2b0b085d50a1d0e88c1e08e819.exe"
    1⤵
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
        PID:1016

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1016-55-0x0000000000100000-0x0000000000109000-memory.dmp

            Filesize

            36KB

            Download

          • memory/1016-57-0x0000000000100000-0x0000000000109000-memory.dmp

            Filesize

            36KB

            Download

          • memory/1016-60-0x0000000000740000-0x0000000000748000-memory.dmp

            Filesize

            32KB

            Download

          • memory/1016-61-0x0000000000100000-0x0000000000109000-memory.dmp

            Filesize

            36KB

            Download

          • memory/1976-54-0x0000000000400000-0x000000000044F000-memory.dmp

            Filesize

            316KB

            Download

          • memory/1976-59-0x0000000000290000-0x00000000002A4000-memory.dmp

            Filesize

            80KB

            Download