Overview

overview

7

Static

static

7

441b4f87c3...60.exe

windows7-x64

7

441b4f87c3...60.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231130-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/12/2023, 18:56

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    441b4f87c32a2b75a492138114ad3a5a14a0289e0f799156f54dfc2a963dbf60.exe

  • Size

    223KB

  • MD5

    fa490ec9072317b7db12a0003ca60a2f

  • SHA1

    c922c2d66393a5a6daedb55173b15507e1640963

  • SHA256

    441b4f87c32a2b75a492138114ad3a5a14a0289e0f799156f54dfc2a963dbf60

  • SHA512

    3b3b0f4d5541feb32569b996dcac208d6beabbefb1dbf03b7598186c867a07fab3a748d276e4eb2f5932b0c4fe92b3747518b1f8ae4fe8ae4d28e9eec166c565

  • SSDEEP

    3072:dZ7wXfSRZ0ON/EwW66wN94xu4CkAZJM2k5D66L+NfGbVON2Nqi/6gS5UoWXHz72n:XwPSUONLNsuWA7koN+boRi9S6oiz72D

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unexpected DNS network traffic destination 4 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\441b4f87c32a2b75a492138114ad3a5a14a0289e0f799156f54dfc2a963dbf60.exe
    "C:\Users\Admin\AppData\Local\Temp\441b4f87c32a2b75a492138114ad3a5a14a0289e0f799156f54dfc2a963dbf60.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2020

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2020-0-0x00000000000B0000-0x000000000011E000-memory.dmp

          Filesize

          440KB

          Download

        • memory/2020-1-0x00000000000B0000-0x000000000011E000-memory.dmp

          Filesize

          440KB

          Download

        • memory/2020-2-0x00000000000B0000-0x000000000011E000-memory.dmp

          Filesize

          440KB

          Download

        • memory/2020-8-0x00000000000B0000-0x000000000011E000-memory.dmp

          Filesize

          440KB

          Download