Overview

overview

7

Static

static

7

44211f3bf5...2b.exe

windows7-x64

44211f3bf5...2b.exe

windows10-2004-x64

Analysis

  • max time kernel
    0s
  • max time network
    1s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-12-2023 23:45

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    44211f3bf584a0b119a39450fa24cf2b.exe

  • Size

    23KB

  • MD5

    44211f3bf584a0b119a39450fa24cf2b

  • SHA1

    605cefb8eb5b39f15bd5350de18e0155961690b0

  • SHA256

    e8fe63b43481c39a8ec58d77ee57c6ff4a9211d942c05b62a66475f8d2fddd7c

  • SHA512

    1213e9036ee39b1f6002883a00969cf39e69a15d09b16c3317bbc5b8466673b24376313fbaa73f08bf3cc51b73851bb6a62315b9985d3603e90de06c2b7713c1

  • SSDEEP

    384:GbCEXMMADQIrUeNFwx9E5xtT6fkCMst8AdxIiv4dK8y8KG8szTO4Am7UnwtzwGKH:C1NAUsbxtT6sFst/3IrdlLUwG8Znbcut

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx

Processes

  • C:\Users\Admin\AppData\Local\Temp\44211f3bf584a0b119a39450fa24cf2b.exe
    "C:\Users\Admin\AppData\Local\Temp\44211f3bf584a0b119a39450fa24cf2b.exe"
    1⤵
      PID:1716
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\EDF.tmp\bla - Kopie.bat""
        2⤵
          PID:2400
          • C:\Windows\SysWOW64\reg.exe
            REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v NOPE /t REG_SZ /d C:\Install\setup.exe /f
            3⤵
              PID:2784
            • C:\Windows\SysWOW64\shutdown.exe
              shutdown -s -f -t 8
              3⤵
                PID:2136
              • C:\Windows\SysWOW64\xcopy.exe
                xcopy setup.exe C:\Install\ /I /Y
                3⤵
                  PID:2872

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\EDF.tmp\bla - Kopie.bat
              Filesize

              909B

              MD5

              116527ecda91d1b6dff211146661e38b

              SHA1

              6d789b8a0f8f3ab770ea62953f002f93dc7bde04

              SHA256

              f6f380baf766b1a9ec89dd1bfc133d21e9bb3879b64c552474ba7fbf0dd470e5

              SHA512

              3d10a3d00c2757e4d6321f4a7e9e787c8ae9d179d11b1056514e40ace6dcb5d4f942977070b5b3e9b88f826218251df88d92175402ce0089e5f24de1f83360ee

              Download Submit

            • memory/1716-9-0x0000000000400000-0x0000000000410000-memory.dmp

              Filesize

              64KB

              Download

            • memory/1716-0-0x0000000000400000-0x0000000000410000-memory.dmp

              Filesize

              64KB

              Download