Overview

overview

7

Static

static

7

5b5291947c...6d.exe

windows7-x64

7

5b5291947c...6d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    1s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/12/2023, 07:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5b5291947c95aff792f2db9203e15f6d.exe

  • Size

    302KB

  • MD5

    5b5291947c95aff792f2db9203e15f6d

  • SHA1

    6d63410862e94c3897e31b66efd09ef50d310693

  • SHA256

    ac6cb6f537a475a754a66cc39ee1c30128a38e60f4df3ef5f01ba42bb7f40a5c

  • SHA512

    7b44938ae05aaabfe1c165bcb45ea313e4cb82249d4ed958d01e4742533285cbc11a7f8aa0eebd7ef2f1ae2e611f541f21daa0b3a59914408c39caaed0ce6057

  • SSDEEP

    3072:2u2i8dssoNyVIa0ARoXU01rPkhSIpwh1zIq9Zi1yZYp2JV/cTHN+rQC6AR:f2/smV5JSXUWz1FrBJY4cTHmQ

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b5291947c95aff792f2db9203e15f6d.exe
    "C:\Users\Admin\AppData\Local\Temp\5b5291947c95aff792f2db9203e15f6d.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4192
    • C:\Users\Admin\AppData\Local\Temp\5b5291947c95aff792f2db9203e15f6d.exe
      C:\Users\Admin\AppData\Local\Temp\5b5291947c95aff792f2db9203e15f6d.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5b5291947c95aff792f2db9203e15f6d.exe
    Filesize

    36KB

    MD5

    270b189d8f4229216d77bf777e1b2e71

    SHA1

    59edc05e85153ea8ef4b9e345b58529ab1e350ef

    SHA256

    7dca55416fbfd23f27203756869845704113a80e5da58c9396357f76a37f6619

    SHA512

    a84ddb4da9a0375f1d0261c055fef0c1c30d3c0f6dad79e8e3b6295f50e88e63a670bb3ef8fa395e473cdb1f3005acdfe8364661d5998dd770036f9b4536d7f4

    Download Submit

  • memory/3632-14-0x0000000000400000-0x00000000004E0000-memory.dmp

    Filesize

    896KB

    Download

  • memory/3632-16-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3632-15-0x00000000014E0000-0x0000000001511000-memory.dmp

    Filesize

    196KB

    Download

  • memory/3632-32-0x0000000000400000-0x00000000004E0000-memory.dmp

    Filesize

    896KB

    Download

  • memory/4192-0-0x0000000000400000-0x00000000004E0000-memory.dmp

    Filesize

    896KB

    Download

  • memory/4192-1-0x00000000014E0000-0x0000000001511000-memory.dmp

    Filesize

    196KB

    Download

  • memory/4192-2-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4192-13-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download