4142ba6db048aaba5654157f3bbcf733ef6239c3f3c8a05de54d40821caf82ed | Triage

Analysis

max time kernel
118s
max time network
138s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12-10-2023 22:07

Sharing

Report Analysis Logs

General

Target

tmp.exe
Size

1.9MB
MD5

d0d33330a4124aea7abbdc615cf9c62a
SHA1

3d08535024655fcf4109ebc3931eda5c29cdc5cc
SHA256

4142ba6db048aaba5654157f3bbcf733ef6239c3f3c8a05de54d40821caf82ed
SHA512

c02161c0173aa08e0f7be8e1a4c83c37cf523c71e34099f59ed448cce34e61e8e26178f2bebd0fad70b1a9e8776b421aa450706f5fd6538c81faab130f3e167c
SSDEEP

49152:uR3U/sqRjx0QPVapsp3/+F+xbmiQxGyq:9RRjx0aMIxqiQF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1512-0-0x0000000000400000-0x0000000000C1A000-memory.dmp	upx
behavioral1/memory/1512-2-0x0000000000400000-0x0000000000C1A000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1512	tmp.exe
1512	tmp.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1512-0-0x0000000000400000-0x0000000000C1A000-memory.dmp

Filesize
8.1MB

Download
memory/1512-2-0x0000000000400000-0x0000000000C1A000-memory.dmp

Filesize
8.1MB

Download