Overview

overview

7

Static

static

7

6354ddd444...2f.exe

windows7-x64

7

6354ddd444...2f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    165s
  • max time network
    162s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 09:21

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6354ddd444fdbfab060ae528b997292f.exe

  • Size

    119KB

  • MD5

    6354ddd444fdbfab060ae528b997292f

  • SHA1

    63752a8f4571076e5c8de9a340817da2020efcf0

  • SHA256

    517ba422076d2012c5741bc5bd7ff5eb5d02e8e89919189be03fb5d5fc59b45d

  • SHA512

    bbecf036b2f5e9bdf76771023e28139572f44262380a7c397e26047943d19c2a811b9761491b07b2a8bf6ca3c3c214fd923ab7d12a3222312ae0c04f8eb836ee

  • SSDEEP

    3072:EZ5sM52KMUT5Zu//qAZ09x0WB8S7b3WlK4:E8tKbuV0bpml

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6354ddd444fdbfab060ae528b997292f.exe
    "C:\Users\Admin\AppData\Local\Temp\6354ddd444fdbfab060ae528b997292f.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
        PID:2764

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/2080-0-0x0000000000400000-0x0000000000432000-memory.dmp

            Filesize

            200KB

            Download

          • memory/2080-1-0x00000000001B0000-0x00000000001B3000-memory.dmp

            Filesize

            12KB

            Download

          • memory/2080-2-0x0000000000400000-0x0000000000432000-memory.dmp

            Filesize

            200KB

            Download

          • memory/2080-5-0x0000000000400000-0x0000000000432000-memory.dmp

            Filesize

            200KB

            Download

          • memory/2764-4-0x0000000000080000-0x0000000000089000-memory.dmp

            Filesize

            36KB

            Download

          • memory/2764-3-0x0000000000080000-0x0000000000089000-memory.dmp

            Filesize

            36KB

            Download

          • memory/2764-6-0x0000000000080000-0x0000000000089000-memory.dmp

            Filesize

            36KB

            Download

          • memory/2764-9-0x0000000000080000-0x0000000000089000-memory.dmp

            Filesize

            36KB

            Download