Overview

overview

7

Static

static

7

42fb6a26de...c6.exe

windows7-x64

7

42fb6a26de...c6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    20/11/2023, 08:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    42fb6a26de98bd29fbaee1d5eb86efd0a70fec824ec1f3aa034b5f34468ffdc6.exe

  • Size

    3.9MB

  • MD5

    54bddbe096b83e4cf9aca769de0a9812

  • SHA1

    3d5168a8294499f26dc7911e109c62f5c1f514b4

  • SHA256

    42fb6a26de98bd29fbaee1d5eb86efd0a70fec824ec1f3aa034b5f34468ffdc6

  • SHA512

    294af9670ff9fabe4050de197ff83551de1423eddccf72b52057e04ebab71b26243d2a3379a05c4215cc13265c7e011c6af4a8d197005ffa3505867ab8b21cbe

  • SSDEEP

    98304:oBaMVJ9JmXQ67JmSynQhNrj76fz4muuvFNcrkEB5gX6LKhVG2:ovJfmXQYoQhNf7O4mJncoEgEOVG2

Score
7/10
upxvmprotect

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\42fb6a26de98bd29fbaee1d5eb86efd0a70fec824ec1f3aa034b5f34468ffdc6.exe
    "C:\Users\Admin\AppData\Local\Temp\42fb6a26de98bd29fbaee1d5eb86efd0a70fec824ec1f3aa034b5f34468ffdc6.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:2412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2412-0-0x0000000000400000-0x0000000000BC6000-memory.dmp

    Filesize

    7.8MB

    Download

  • memory/2412-3-0x00000000779B0000-0x00000000779B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2412-1-0x00000000779B0000-0x00000000779B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2412-7-0x0000000075CE0000-0x0000000075CE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2412-9-0x0000000000400000-0x0000000000BC6000-memory.dmp

    Filesize

    7.8MB

    Download

  • memory/2412-12-0x0000000010000000-0x000000001001E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2412-13-0x0000000000250000-0x000000000025B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2412-14-0x0000000000250000-0x000000000025B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2412-15-0x00000000779B0000-0x00000000779B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2412-16-0x0000000075CE0000-0x0000000075CE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2412-22-0x0000000000400000-0x0000000000BC6000-memory.dmp

    Filesize

    7.8MB

    Download