Overview

overview

7

Static

static

7

5806fd2fe5...f2.exe

windows7-x64

7

5806fd2fe5...f2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 05:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5806fd2fe5709c171a139c6023a34cf2.exe

  • Size

    115KB

  • MD5

    5806fd2fe5709c171a139c6023a34cf2

  • SHA1

    407ce2b1383903106ea854eb1d1ec9eb01088a43

  • SHA256

    72a883956367f5bef09ced0363fef767b36e431e8ac00cfe56c740f539aecd82

  • SHA512

    0dd582a1a4520cfd0a2fec546c86d9d6585d263c1521728404e2fee8466b79b5c5408bbad3a07df81ccffa991f7662aab242a3dbd11396628faf3dd03d3792c3

  • SSDEEP

    3072:4I5cF85OAMe5DREJfSicSEM+P+1CbNNylvjelDd05NZY6JQnxhe:4I5POAHSCSX2oCbnYa6Ne6Jmxhe

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5806fd2fe5709c171a139c6023a34cf2.exe
    "C:\Users\Admin\AppData\Local\Temp\5806fd2fe5709c171a139c6023a34cf2.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2052
    • C:\Users\Admin\AppData\Local\Temp\5806fd2fe5709c171a139c6023a34cf2.exe
      C:\Users\Admin\AppData\Local\Temp\5806fd2fe5709c171a139c6023a34cf2.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1240

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\5806fd2fe5709c171a139c6023a34cf2.exe
          Filesize

          115KB

          MD5

          5a3654095ac9e3aca63aa52318e0528e

          SHA1

          321fd39a720a9dbcad0e3c68eb6fba57cc72f9e7

          SHA256

          edb6d14b0c9ce445509762ab4f25bb3af29c66133f6c9e11bfec473b340d8c0d

          SHA512

          044361c50eb06ab2eabe120f433df5dd047bcf49ddd23ff33554ed75d1c1168f8dd03e4be9197583a346c41b1bff143965ebb541a06940dc0a7ce89c79341d53

          Download Submit

        • memory/1240-18-0x0000000000400000-0x0000000000475000-memory.dmp

          Filesize

          468KB

          Download

        • memory/1240-21-0x0000000000140000-0x000000000015D000-memory.dmp

          Filesize

          116KB

          Download

        • memory/1240-30-0x0000000000170000-0x000000000018D000-memory.dmp

          Filesize

          116KB

          Download

        • memory/1240-26-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/1240-32-0x0000000000400000-0x0000000000475000-memory.dmp

          Filesize

          468KB

          Download

        • memory/2052-0-0x0000000000400000-0x0000000000475000-memory.dmp

          Filesize

          468KB

          Download

        • memory/2052-2-0x0000000000140000-0x000000000015D000-memory.dmp

          Filesize

          116KB

          Download

        • memory/2052-1-0x0000000000400000-0x000000000041D000-memory.dmp

          Filesize

          116KB

          Download

        • memory/2052-16-0x0000000000170000-0x00000000001E5000-memory.dmp

          Filesize

          468KB

          Download

        • memory/2052-15-0x0000000000400000-0x000000000041D000-memory.dmp

          Filesize

          116KB

          Download