Overview

overview

7

Static

static

7

b2a8d3fd34...e4.exe

windows7-x64

7

b2a8d3fd34...e4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-12-2023 13:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b2a8d3fd34544949740db41ac7e94fe4.exe

  • Size

    5.3MB

  • MD5

    b2a8d3fd34544949740db41ac7e94fe4

  • SHA1

    79365ab5f29defac636b08114e875576b4530532

  • SHA256

    28ad0323bd7a692b01bbf441a58d0062cbe90aa8de651a7b06883f86dee85d58

  • SHA512

    25f88e76d364fc2fcdb4186373bfb511a47e99aa46545acdd944ba29b0775a79207f39045671f7b9ecba3985f63793b21a51ef36e888207f999e702a7d0957ec

  • SSDEEP

    98304:SgrEgCA+59SPv64i956mSLMW7QRYZwuSPv64i956mSLMW:xrR/Q9SPv64i95HAMQQRYXSPv64i95Hr

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b2a8d3fd34544949740db41ac7e94fe4.exe
    "C:\Users\Admin\AppData\Local\Temp\b2a8d3fd34544949740db41ac7e94fe4.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4168
    • C:\Users\Admin\AppData\Local\Temp\b2a8d3fd34544949740db41ac7e94fe4.exe
      C:\Users\Admin\AppData\Local\Temp\b2a8d3fd34544949740db41ac7e94fe4.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\b2a8d3fd34544949740db41ac7e94fe4.exe
    Filesize

    116KB

    MD5

    83f542d0ec0ca048ee400b76a691aa54

    SHA1

    0929539f156027b26ea6ae8e17f2114f1baaa730

    SHA256

    a8ac0904e012d2a7ab5c539bd14c15ec6f549ec33d1a6bb710f09b5b8a348ee7

    SHA512

    4d46b9ccf9f4d96492f24e2266d957e2e04ec85f4bc19d91d9e923b6b2ee84a70a9702fe71ddfdcbe3314361100e669695deb3bfd45b9efb390ac33f583debf1

    Download Submit

  • memory/4168-0-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/4168-1-0x0000000001870000-0x0000000001982000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4168-2-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4168-14-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4180-17-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4180-16-0x0000000001870000-0x0000000001982000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4180-15-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/4180-24-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download