Overview

overview

7

Static

static

3

ca5d56f2f6...e9.exe

windows7-x64

7

ca5d56f2f6...e9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    27s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    08-06-2023 01:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ca5d56f2f698bb168ed023396a47fee9.exe

  • Size

    7.4MB

  • MD5

    ca5d56f2f698bb168ed023396a47fee9

  • SHA1

    627e7c0ebb0da62dec451278d80e2d6b554bab7a

  • SHA256

    c4fa002b0aa952f605e44fbcd5438547f6d0dccf76b7ea224ce395970887ff83

  • SHA512

    0b263d3e2b77ba64097323f0d839f7065cd1288c8ca7a31096170c1747ab83f60aa4113543395d3506a3ca3c76f96d285f50e5921bf150bd92addc9ba81a882e

  • SSDEEP

    196608:5Olih8Fwjd9eN0x+yAiWfs3Hpdou+R2lBZUsdbL:0LFumy7QfsXpORCZVbL

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ca5d56f2f698bb168ed023396a47fee9.exe
    "C:\Users\Admin\AppData\Local\Temp\ca5d56f2f698bb168ed023396a47fee9.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1260
    • C:\Users\Admin\AppData\Local\Temp\ca5d56f2f698bb168ed023396a47fee9.exe
      "C:\Users\Admin\AppData\Local\Temp\ca5d56f2f698bb168ed023396a47fee9.exe"
      2⤵
      • Loads dropped DLL
      PID:676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI12602\python310.dll
    Filesize

    1.5MB

    MD5

    d366db026edf7875a5e3d0cf42808148

    SHA1

    fc60d2581c4cdb4f240d8769dc5154b1f48e616d

    SHA256

    6d70ac2367a5794aea069883c12261694755b79454337afbce4f672930652d7f

    SHA512

    479397f006cc943b61c11e229e22433fc2e0b3446359d0ea7f7b8882f953a1f1453920ccf6a674b1f076af316562573825cff33c23d6e7e0abc142b832377153

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI12602\python310.dll
    Filesize

    1.5MB

    MD5

    d366db026edf7875a5e3d0cf42808148

    SHA1

    fc60d2581c4cdb4f240d8769dc5154b1f48e616d

    SHA256

    6d70ac2367a5794aea069883c12261694755b79454337afbce4f672930652d7f

    SHA512

    479397f006cc943b61c11e229e22433fc2e0b3446359d0ea7f7b8882f953a1f1453920ccf6a674b1f076af316562573825cff33c23d6e7e0abc142b832377153

    Download Submit

  • memory/676-82-0x000007FEF5D70000-0x000007FEF61DF000-memory.dmp

    Filesize

    4.4MB

    Download