Overview

overview

7

Static

static

7

863749db01...90.exe

windows7-x64

7

863749db01...90.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 10:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    863749db0174fc590d17a8230adbb190.exe

  • Size

    116KB

  • MD5

    863749db0174fc590d17a8230adbb190

  • SHA1

    2f7949d6983c9e3e62c1fed25e4f7c4cdc30c70c

  • SHA256

    e448aea2db268bb236f337f69230e23e2126d63a7d356c5efcdfaf2ea31c1120

  • SHA512

    04fa6da39aff941355098ef5f9e0191d19c96a100357ed2a0fb93d012df30adaaedde043eb3953c47c274dcbedfaeb47477970621b7fd920b7eacbbf3ce38cea

  • SSDEEP

    3072:6zZwFzmY5dYNa+gq/d0d/QqVBA/A7C0LyPTmXRLu:mxYtqSogB/7r+P8k

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\863749db0174fc590d17a8230adbb190.exe
    "C:\Users\Admin\AppData\Local\Temp\863749db0174fc590d17a8230adbb190.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2108
    • C:\Users\Admin\AppData\Local\Temp\863749db0174fc590d17a8230adbb190.exe
      C:\Users\Admin\AppData\Local\Temp\863749db0174fc590d17a8230adbb190.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\863749db0174fc590d17a8230adbb190.exe
    Filesize

    116KB

    MD5

    859d12714b343bb195500a75bd9043d3

    SHA1

    4958af96c8859890a83bd9ee374b7ba22828f3a2

    SHA256

    3d86e4c1540478cdb2522b8194da041ce46c96261a318ed747dfd8ba0feddd87

    SHA512

    b302793ffbed7c81746bc0c553d83cca5304ba5532a59045704363603d0acd3bc714b0f3154feef60f46fea0bd66225501078a0f1c7d7060e1db6161366c25fd

    Download Submit

  • memory/2108-0-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2108-1-0x0000000000400000-0x000000000041D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2108-8-0x0000000000140000-0x000000000015D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2108-13-0x0000000000170000-0x00000000001E6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2108-16-0x0000000000400000-0x000000000041D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2968-18-0x0000000000140000-0x000000000015D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2968-20-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2968-26-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2968-31-0x0000000000170000-0x000000000018D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2968-32-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download