Overview

overview

7

Static

static

7

5d8e33cc29...59.exe

windows7-x64

7

5d8e33cc29...59.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    89s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 03:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5d8e33cc2934455b20814f8cba436059.exe

  • Size

    2.7MB

  • MD5

    5d8e33cc2934455b20814f8cba436059

  • SHA1

    4656af0158b65ffa3b247518636e8b07a45d44fe

  • SHA256

    317cabf0de8b57cb6e9849ad29424e615d23a591a1ce9ee459ce082565654e81

  • SHA512

    df87d48255704c4e3db4b90e71d46239efc165d44cf8cfb465ee50a8c8920e623ea5f1ce6b3526b1742803eb2889301cf51e51083500c1124d6569499b3653ca

  • SSDEEP

    49152:LdOrGdqK0agGSrjMDvQ3eoI5OR9ktBc1+Q4YdxSChG38bDUggR9t:LdOfKBg9rMvdH5OHktBcwQDM2YIDULHt

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5d8e33cc2934455b20814f8cba436059.exe
    "C:\Users\Admin\AppData\Local\Temp\5d8e33cc2934455b20814f8cba436059.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:320
    • C:\Users\Admin\AppData\Local\Temp\5d8e33cc2934455b20814f8cba436059.exe
      C:\Users\Admin\AppData\Local\Temp\5d8e33cc2934455b20814f8cba436059.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4328

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\5d8e33cc2934455b20814f8cba436059.exe
          Filesize

          5KB

          MD5

          3404d620bb408db52708cac35424070d

          SHA1

          ec33b89e4623d6cd7024932a243faa504eca0d1e

          SHA256

          e33b9b791fae161ce8aa7d29966ae60d8d3730ad3af9555eee71bdc0e96edad3

          SHA512

          ab9e41db2d1e6cb844558abb18c3755e97bf765d5d50901daca357a5380f978a073e87ae614ecb8b228325a73145609d228b9300b74a20e3013b74039845f0b5

          Download Submit

        • memory/320-0-0x0000000000400000-0x00000000008E7000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/320-2-0x0000000000400000-0x0000000000622000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/320-1-0x0000000001C50000-0x0000000001D81000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/320-12-0x0000000000400000-0x0000000000622000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/4328-14-0x0000000001CE0000-0x0000000001E11000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4328-16-0x0000000000400000-0x00000000008E7000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/4328-13-0x0000000000400000-0x0000000000622000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/4328-20-0x00000000055D0000-0x00000000057F2000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/4328-21-0x0000000000400000-0x0000000000616000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/4328-28-0x0000000000400000-0x00000000008E7000-memory.dmp

          Filesize

          4.9MB

          Download