Overview

overview

7

Static

static

7

14dd0d76fb...1e.exe

windows7-x64

7

14dd0d76fb...1e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 09:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    14dd0d76fb95d7dd225b559fa4cfd51e.exe

  • Size

    353KB

  • MD5

    14dd0d76fb95d7dd225b559fa4cfd51e

  • SHA1

    980305e647365494e99df3cc19a854b154bb63c2

  • SHA256

    78cd7cf52c1e934bb04d92baaa48b00af336edd71fa160c18349e9d16a4dfac1

  • SHA512

    3c20458eded671a5b070ebb4f19e542c9298677e2afb1ace8f83a3a92e303792d9a40ef14759d6c2d8cc2b0a8f3ffabffec3ce8603720d717d8779a005ab04ca

  • SSDEEP

    6144:MIj1dhJY4/M14SFuWsZrtZGDuCU76wWEGEBRGQ1fR9DYdxfsLPrPwo+:MeThJYh14/BGoG/EzBx9DYTfmE

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\14dd0d76fb95d7dd225b559fa4cfd51e.exe
    "C:\Users\Admin\AppData\Local\Temp\14dd0d76fb95d7dd225b559fa4cfd51e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2172
    • C:\Users\Admin\AppData\Local\Temp\14dd0d76fb95d7dd225b559fa4cfd51e.exe
      C:\Users\Admin\AppData\Local\Temp\14dd0d76fb95d7dd225b559fa4cfd51e.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\14dd0d76fb95d7dd225b559fa4cfd51e.exe
    Filesize

    353KB

    MD5

    be910455637cea6750b466f18e57a420

    SHA1

    fa442ae8bf5c6b76689a09d5e648eb8cf4688b3b

    SHA256

    dfce3baf0cb50ff51a02002ac9b530825033e6c6581f8619a72e51741036d927

    SHA512

    ef4bd6f4cfe1ced5472564b17f9a1c28751ca5292b0381c4e18548d64545679e1b72d272541ae6f056d20f0dc19251da1c5304b0fdeee2d7a7e530f707d07a61

    Download Submit

  • memory/2172-0-0x0000000000400000-0x00000000004F1000-memory.dmp

    Filesize

    964KB

    Download

  • memory/2172-2-0x0000000000400000-0x0000000000450000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2172-1-0x0000000000170000-0x00000000001A3000-memory.dmp

    Filesize

    204KB

    Download

  • memory/2172-14-0x0000000000400000-0x0000000000450000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2992-16-0x0000000000400000-0x00000000004F1000-memory.dmp

    Filesize

    964KB

    Download

  • memory/2992-17-0x0000000000400000-0x0000000000450000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2992-29-0x0000000000450000-0x00000000004A0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2992-23-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2992-19-0x0000000000210000-0x0000000000243000-memory.dmp

    Filesize

    204KB

    Download

  • memory/2992-30-0x0000000000400000-0x00000000004F1000-memory.dmp

    Filesize

    964KB

    Download