Overview

overview

7

Static

static

7

05d40799ee...fa.exe

windows7-x64

7

05d40799ee...fa.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/12/2023, 22:37

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    05d40799ee20702ec37f64d818f64ffa.exe

  • Size

    1.3MB

  • MD5

    05d40799ee20702ec37f64d818f64ffa

  • SHA1

    91806e78aee452ad4592126ea61c7cca7e9b4e2e

  • SHA256

    b2e742e7b8aefc3d8bb105afde938b3eee33d5e70469feabe1cbbee3982fd105

  • SHA512

    ffc61e81c6ee65fe4f71a2d052125144acd8d6ce4ab47fcb3a6504a9729d1908e7078c414eae417b78f30170267e6c5a6f68d1ee359a7a6c802f2a64ac1af0b4

  • SSDEEP

    24576:roIkiKBHGlY8Z0KqaTpTkdgR82ovhYkDgzhnMf5eLdcpMGQ+fvG:roiKxLEU6QhRwMxydck

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05d40799ee20702ec37f64d818f64ffa.exe
    "C:\Users\Admin\AppData\Local\Temp\05d40799ee20702ec37f64d818f64ffa.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1012
    • C:\Users\Admin\AppData\Local\Temp\05d40799ee20702ec37f64d818f64ffa.exe
      C:\Users\Admin\AppData\Local\Temp\05d40799ee20702ec37f64d818f64ffa.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4196

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\05d40799ee20702ec37f64d818f64ffa.exe
          Filesize

          97KB

          MD5

          4e61e016e669e100ea35c5b320044486

          SHA1

          e65ed6f4508b3d49e52b6607051446d5a13d19bd

          SHA256

          58a44e2b1b1ac91bd70b7ae96a8683fe5bd2094af2eacd3fb4a73c137f68b451

          SHA512

          e39e4e91e859eca463868cddae44532fb2d0156baa27e64957eea26ce579d779db314b6c0ec3d2aa0be5c3313e7b54ecf78f9c9f6eb17fc9f12833f964b60def

          Download Submit

        • memory/1012-0-0x0000000000400000-0x000000000086A000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/1012-1-0x0000000001870000-0x0000000001982000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1012-2-0x0000000000400000-0x00000000005F2000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1012-14-0x0000000000400000-0x00000000005F2000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4196-15-0x0000000000400000-0x00000000005F2000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4196-16-0x0000000001BE0000-0x0000000001CF2000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/4196-13-0x0000000000400000-0x000000000086A000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/4196-23-0x0000000000400000-0x000000000086A000-memory.dmp

          Filesize

          4.4MB

          Download