Overview

overview

7

Static

static

7

78d8c3771d...c5.exe

windows7-x64

7

78d8c3771d...c5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    172s
  • max time network
    190s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/12/2023, 15:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    78d8c3771d31599fc2986dd995859ec5.exe

  • Size

    93KB

  • MD5

    78d8c3771d31599fc2986dd995859ec5

  • SHA1

    54025e2e6e55b31ba0a6150e81cb6f8e6eb9517e

  • SHA256

    109214248ea9df40acd2027339410dba8a48923eb9f58e27d461c0ddac463aae

  • SHA512

    370e6409cb9185e36b28d51dba621f51fa44ee86dfaca53b2837599cf67e8e40a31638e478c310cadd4dbcbc112da85e7c9a1c992c44425c0c2606fea3565213

  • SSDEEP

    1536:LtVdTStdV/VXtTmSTrVafD0vTcHKsBmNZJEZJ1KLMCN0nouy8TuTUvLByf5:LtVNS5/NNZ4HKE3f1cMLoutCT4Ef5

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\78d8c3771d31599fc2986dd995859ec5.exe
    "C:\Users\Admin\AppData\Local\Temp\78d8c3771d31599fc2986dd995859ec5.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5108
    • C:\Windows\SysWOW64\cscript.exe
      cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
      2⤵
        PID:4808

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\Downloader.log
            Filesize

            1KB

            MD5

            4c5e0bbc01486e9db7a7429e0741af63

            SHA1

            82b3dce2995a4eede8d04c492184d38c14716a42

            SHA256

            a073543afa699a5a77b1d0de45eac6435a727bb15a4ff1aa8a110818d5fea168

            SHA512

            4d1054ecc592104cdeb4571551b03a43a6d7c1d1174a667626e18f9bcb5ab82138a181cfceff7be3e4d559c3be0fd8b65a903675cb09c6b92dcb1c9133e805dc

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\hd.vbs
            Filesize

            245B

            MD5

            d8682d715a652f994dca50509fd09669

            SHA1

            bb03cf242964028b5d9183812ed8b04de9d55c6e

            SHA256

            4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

            SHA512

            eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\init.xml
            Filesize

            409B

            MD5

            1661f94cd7a2491fa575a607687710a6

            SHA1

            c9874b3c58cff2f87571add87ecb7b2d16b8c5a6

            SHA256

            cbccd750847278a288cd612d35a58825a5571f438ca44742f6204f9440a095fa

            SHA512

            e0341dc9e89a573f38406dcbece4176c6cd354815f5dfb49a5ead7ed77f02e93339bc5b36bd5424e03ad7b441e239a3db3fca59acae2bf137195ba62c3811b75

            Download Submit

          • memory/5108-0-0x0000000000A80000-0x0000000000AB8000-memory.dmp

            Filesize

            224KB

            Download

          • memory/5108-30-0x0000000000A80000-0x0000000000AB8000-memory.dmp

            Filesize

            224KB

            Download