Overview

overview

7

Static

static

7

2794668ae0...aa.exe

windows7-x64

7

2794668ae0...aa.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 14:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2794668ae09bea04706174899a0337aa.exe

  • Size

    1.3MB

  • MD5

    2794668ae09bea04706174899a0337aa

  • SHA1

    04ca150d57c8bf80aaf1a532445614df77b1d95b

  • SHA256

    a1d172c3f39adf80ab811acfafaa84d5524d773a5be53686d0d181d4364e8027

  • SHA512

    c486acc7b845e1ce8db799884893b3c0c24d12a2c4a5e8d7fc297718d9236814cc1f5aa20cbe46567dcf9881d956aec1c17800e9e640a34a09fcd568bd4d473e

  • SSDEEP

    24576:d3OnGaKwfrcSzqvneODcEgyR984DCfHSjqnMQUX1iWilhvG:dZaKwfAGOcWCxeq2

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2794668ae09bea04706174899a0337aa.exe
    "C:\Users\Admin\AppData\Local\Temp\2794668ae09bea04706174899a0337aa.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Users\Admin\AppData\Local\Temp\2794668ae09bea04706174899a0337aa.exe
      C:\Users\Admin\AppData\Local\Temp\2794668ae09bea04706174899a0337aa.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2794668ae09bea04706174899a0337aa.exe
    Filesize

    26KB

    MD5

    b8769b710da58f430a54c3e3a1fbe4ed

    SHA1

    bc517426218ff4687c33ad647d9a4d3e7664df75

    SHA256

    55d0d519cc5a8e5475837f0f2b1bfb8d5b604cd2cb75659935950a7459f787bd

    SHA512

    df6e8171717dcbc5fc67e8390e250108a34ce6025ed0a1db6a35d463817ea6a632f10b071fb013edf229315a27bd48f09bfd69611602e217f3fcecbb7a4460df

    Download Submit

  • memory/2168-0-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2168-2-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2168-13-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2168-1-0x0000000001BD0000-0x0000000001CE2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2520-17-0x0000000001870000-0x0000000001982000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2520-15-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2520-14-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2520-23-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download