Overview

overview

7

Static

static

3

main.exe

windows7-x64

7

main.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 21:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    main.exe

  • Size

    11.7MB

  • MD5

    4b493a0327eea41a468ec32685eeba25

  • SHA1

    036bcbf9e1d777c68962ce3e6ff24fbe4acb03d6

  • SHA256

    82322372016b1c70f411ad0835fccf2a2a4cc10d34ec62dc52c0ae216ced4158

  • SHA512

    c8efae56ada521327b80c09a9cbf84604886ba999904c48d2e0318278e4a60357834f7ec2b3b41189dc85024101c7d7e5b6d713b151d75571bf4fc4b38ca9d8c

  • SSDEEP

    196608:+rD4RGdMjEznvLjv+bhqNVoB6Ck5c7GpNlI41J2mJLVk9ntlRbvOXiWCU0:hUdMjOjL+9qz86Ck+7q3D1Jq1bmXiWCU

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\main.exe
    "C:\Users\Admin\AppData\Local\Temp\main.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Users\Admin\AppData\Local\Temp\main.exe
      "C:\Users\Admin\AppData\Local\Temp\main.exe"
      2⤵
      • Loads dropped DLL
      PID:2572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI30122\python312.dll
    Filesize

    267KB

    MD5

    08e972938b0158a36181be374495cc37

    SHA1

    41ed01488f991c0da8517847617de08d2d49a68f

    SHA256

    d0fcf40b7f7961be6e63d604139cd6ffcd054cd9ebc92f0df2fa5bb8519e7131

    SHA512

    f2ee2940ce4bf0ef2a2719aa2d575187c6dfe3bb6faa598cf83f25d34890997a8c3aff522fef08e49027effbcd8ded496893536fd26093bff308c023c3c57c89

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI30122\python312.dll
    Filesize

    92KB

    MD5

    9374663514d0dfaedf07ee074df997b7

    SHA1

    c9368e5a9301dcca9a3e918dab34667f90df325b

    SHA256

    df53e2b61760d91905825f70dbf3cd053098d2a9d32abcf7296171570c07d318

    SHA512

    6b8fdb97261056952ce2c3432bf3c4037e92822fc28a99443a3eca2b2f4a82a39637b37c5890d179f0c63df6009ba36a555876ad51588cd736fb1cd6e7da7435

    Download Submit

  • memory/2572-73-0x000007FEF5CA0000-0x000007FEF6378000-memory.dmp

    Filesize

    6.8MB

    Download