Overview

overview

7

Static

static

7

79b1c271a9...05.exe

windows7-x64

7

79b1c271a9...05.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 07:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    79b1c271a92d7291661b4ac1d21eee05.exe

  • Size

    2.7MB

  • MD5

    79b1c271a92d7291661b4ac1d21eee05

  • SHA1

    655f4b749f78ae5df4776582c608256e59231c4d

  • SHA256

    52a6871e5e018c63c392fc0794183d5f90a95825fcc9e2e46f7e19cdd7de0fbd

  • SHA512

    c630c45fea224b245914f5befb2559f9879826a2fff9cb198827cceed26be13ab4c31bbe9242b031b6036364350aa94790aa3d0dec40881503e8ca50aa187611

  • SSDEEP

    49152:FF1zM5/kyW0eIi61teKR9NALZ2VgYx2QSfue08mUnmkI3j6Bl:25/kyWDp+wKRAD3We3nmvzK

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\79b1c271a92d7291661b4ac1d21eee05.exe
    "C:\Users\Admin\AppData\Local\Temp\79b1c271a92d7291661b4ac1d21eee05.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2880
    • C:\Users\Admin\AppData\Local\Temp\79b1c271a92d7291661b4ac1d21eee05.exe
      C:\Users\Admin\AppData\Local\Temp\79b1c271a92d7291661b4ac1d21eee05.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\79b1c271a92d7291661b4ac1d21eee05.exe
    Filesize

    2.7MB

    MD5

    b358c37caae8edf41b78b77a7b069f9b

    SHA1

    c17175c911c1d63ab4b2fd84272502910fcb7fa5

    SHA256

    411459ccf9dd5915cfa085eb9cb3a584129c23186bcf27ae321964b929c9681c

    SHA512

    e7500e4eb9ed873088bd6240d77e158c56cd76b27253ef8de9e48cd286f16d7ed7a9b0780378fcfb4f9d8d0bd9038d529f466fd6cc18fb276e7afdcb8a4c4911

    Download Submit

  • \Users\Admin\AppData\Local\Temp\79b1c271a92d7291661b4ac1d21eee05.exe
    Filesize

    1.6MB

    MD5

    a2b7d918766477bd24e250966d2ef314

    SHA1

    c9b5737660c25354a184bb8de32184d05301397a

    SHA256

    7c7667010b6581582b77be272b4c4188842e84047a4758889242823c2cb9c339

    SHA512

    0acda06151baad49bd759837b18c0db462b8bf04b55023d7349eedc6774757cefde17b6d26047f795db4a65045912fe873e90c00ced218570c36af32b7b95ef1

    Download Submit

  • memory/2168-17-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2168-18-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2168-20-0x0000000000280000-0x0000000000392000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2168-26-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2880-0-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2880-1-0x0000000001A60000-0x0000000001B72000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2880-2-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2880-15-0x0000000003820000-0x0000000003C8A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2880-14-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download