230f0082865e50035b6852690a86d1c58cdf8f04849bcd108b5f47bfd1fd4f0b | Triage

Analysis

max time kernel
132s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 08:42

Sharing

Report Analysis Logs

General

Target

Storagetest.exe
Size

1.2MB
MD5

cc8e52e5c673f9e23838533bb17e80c6
SHA1

697e90fdd000ee34b3beaeec2250be2ce1844325
SHA256

b9ce5e851ec8fb1c086c0006f3cc257c152101ffc477a64f02713f7f0891eed2
SHA512

2659e2163ddd657f58334631d462c0ffca72522d270f95ef6115dd8f6123f82192149effa3fbd7f6768b7a1a32dcdea0698e4403c528cb3bbbf3570bd088b71a
SSDEEP

24576:aXrirwD+65FFYImeGA9M2Mmg6P49Iou1skEpNfQ4Cx:oryqFFYTAW2hgtusbp98x

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral10/memory/960-0-0x0000000000400000-0x0000000003560000-memory.dmp	upx
behavioral10/memory/960-2-0x0000000000400000-0x0000000003560000-memory.dmp	upx

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
960	Storagetest.exe

C:\Users\Admin\AppData\Local\Temp\Storagetest.exe
"C:\Users\Admin\AppData\Local\Temp\Storagetest.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/960-0-0x0000000000400000-0x0000000003560000-memory.dmp

Filesize
49.4MB

Download
memory/960-1-0x0000000005520000-0x0000000005521000-memory.dmp

Filesize
4KB

Download
memory/960-2-0x0000000000400000-0x0000000003560000-memory.dmp

Filesize
49.4MB

Download