Overview

overview

7

Static

static

3

fed9729daf...e5.exe

windows7-x64

7

fed9729daf...e5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    65s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2023, 22:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    fed9729daf0a24d704c2a393a1549af9216e4cfe879f1d630f8fba0ffcb87de5.exe

  • Size

    2.3MB

  • MD5

    72d577afd080b6d0afadfd33a0023840

  • SHA1

    3e176e18c6fde2b71c428a6011a06df7afb79c10

  • SHA256

    fed9729daf0a24d704c2a393a1549af9216e4cfe879f1d630f8fba0ffcb87de5

  • SHA512

    bef429aaa3b8fab35444de156bc137743b7c3b634a86aca73319ada94a29d6cc47a8df6d9791b6c676d117a4c3dae041e8178c2a9e12281db9f4138cfcee113f

  • SSDEEP

    49152:UjNyZclD9pVdF8xN/q+s8KuqGaX0ToIBAUZLYal:cMZclDPFwN/5JBAUZLX

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fed9729daf0a24d704c2a393a1549af9216e4cfe879f1d630f8fba0ffcb87de5.exe
    "C:\Users\Admin\AppData\Local\Temp\fed9729daf0a24d704c2a393a1549af9216e4cfe879f1d630f8fba0ffcb87de5.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2732
    • \??\c:\admin.exe
      c:\admin.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2608

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\admin.exe
          Filesize

          372KB

          MD5

          9ed304603b3c00d5168b76a0b61332f0

          SHA1

          50f57ac837f9a325058a73181a4d33e2a66b4f8d

          SHA256

          1ce90640766c1c1bb7d18fc94f429b794811d11d1a0b627696ab07f9075f7114

          SHA512

          b96358c2c8950454c5ef17438ecd02525d116447af6ecefa9cdaaddd7b18634c46b23252d3d26f3c46c50df470ed9a405f652c53798e0d6a39c28f6a112d5af4

          Download Submit

        • C:\admin.exe
          Filesize

          372KB

          MD5

          9ed304603b3c00d5168b76a0b61332f0

          SHA1

          50f57ac837f9a325058a73181a4d33e2a66b4f8d

          SHA256

          1ce90640766c1c1bb7d18fc94f429b794811d11d1a0b627696ab07f9075f7114

          SHA512

          b96358c2c8950454c5ef17438ecd02525d116447af6ecefa9cdaaddd7b18634c46b23252d3d26f3c46c50df470ed9a405f652c53798e0d6a39c28f6a112d5af4

          Download Submit

        • memory/2608-7-0x0000000000400000-0x0000000000515000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2608-8-0x0000000000400000-0x0000000000515000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2608-12-0x0000000000400000-0x0000000000515000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2732-2-0x00000000022F0000-0x0000000002405000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2732-9-0x00000000022F0000-0x0000000002405000-memory.dmp

          Filesize

          1.1MB

          Download