Overview

overview

7

Static

static

7

1adc2d4723...89.exe

windows7-x64

7

1adc2d4723...89.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25-12-2023 11:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1adc2d4723da59f107adaadb69102a89.exe

  • Size

    1.3MB

  • MD5

    1adc2d4723da59f107adaadb69102a89

  • SHA1

    e046901d18f40f64dfbb9706f801508bdb3c204c

  • SHA256

    2f45db194bcff2a8476adb10a2d481cedf03e354be80f19f5181e6d55178616d

  • SHA512

    195515b6a9829c8c80001c29265ee67d26b47d2631d917335caada1da65fcd073ea550c87e80312abbde03fc9bad03f92b74b54ade7b286f92bbdb5fc41f0b78

  • SSDEEP

    24576:oGP65mkkuY5ZbHwMJvGTyB6loHlf22wxI0rGZ7jHs9CDKCevG:cxdYTwCvca6qAxIfM9CDK

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1adc2d4723da59f107adaadb69102a89.exe
    "C:\Users\Admin\AppData\Local\Temp\1adc2d4723da59f107adaadb69102a89.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\Users\Admin\AppData\Local\Temp\1adc2d4723da59f107adaadb69102a89.exe
      C:\Users\Admin\AppData\Local\Temp\1adc2d4723da59f107adaadb69102a89.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1adc2d4723da59f107adaadb69102a89.exe
    Filesize

    385KB

    MD5

    5176a978ffd711e7bf81bd6429049b78

    SHA1

    1c6521ad8a67c4ac25438a8f4bafdfd9951f3d23

    SHA256

    1270e9f484e891b3f4e7220089c3de7a816432802d5dc5060ced9f8a14ef62c1

    SHA512

    cca2e368625633aa7c37c09c2b957c0862405e4b29f0c17b35c821b36d93ba72635ab0a95fe925c57e427e6e8201ce96c6d5af749c85ec41309130e1c543b6de

    Download Submit

  • \Users\Admin\AppData\Local\Temp\1adc2d4723da59f107adaadb69102a89.exe
    Filesize

    391KB

    MD5

    4f773b293a64a51d0047eba107a921f3

    SHA1

    e443706e997633ecc37cfab449e81bfa263360d2

    SHA256

    7d9acb021bca30d1872488a508bd4ee91ed86d20a96b8a64c2caaa78bad8f662

    SHA512

    1eeed39f6d7bad4923dd2bc0e332dabe78124ff277120613e4708316a302b242b1ab2d26cab9987c5c4f9dd8c29b471d175bd9bf78b9294ac75a699aa9682ade

    Download Submit

  • memory/2212-1-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2212-0-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2212-3-0x0000000001A60000-0x0000000001B72000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2212-15-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2212-16-0x00000000033F0000-0x000000000385A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2212-26-0x00000000033F0000-0x000000000385A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2388-18-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2388-20-0x0000000001A60000-0x0000000001B72000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2388-27-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download