Overview

overview

7

Static

static

7

064e045117...7f.exe

windows7-x64

7

064e045117...7f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    137s
  • max time network
    164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/12/2023, 22:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    064e045117d3dbd7387953637481757f.exe

  • Size

    133KB

  • MD5

    064e045117d3dbd7387953637481757f

  • SHA1

    ada71055e992adbf559889cac78904976597ff50

  • SHA256

    a394efeed89d1123899c57790056f695c6962d1d4da3d2e2f564a5f462bf4ef3

  • SHA512

    f3f09f25d0fd923e0461c64eb45acd94d90426b24f322eab2e6368521b867fe33347b8b5bc06dd4ac672577aed0130b0c335aa3fbca226c793a26206a1b8ede2

  • SSDEEP

    3072:DOTvkbEJj1ta8TkQ2A/DMvuSZihaJsXX6Xv+AmhPAKscLmkUbmstXtQ:DovkA51joZaAEQ2jAm6cLE7dQ

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\064e045117d3dbd7387953637481757f.exe
    "C:\Users\Admin\AppData\Local\Temp\064e045117d3dbd7387953637481757f.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3616
    • C:\Users\Admin\AppData\Local\Temp\064e045117d3dbd7387953637481757f.exe
      C:\Users\Admin\AppData\Local\Temp\064e045117d3dbd7387953637481757f.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\064e045117d3dbd7387953637481757f.exe
    Filesize

    133KB

    MD5

    b6048597d76233fbaf48659ce9b912e2

    SHA1

    c39a19dc5406e94caa3bf10ab9b9092cae80165a

    SHA256

    cd7e73076582619ad830bf21de758cdd5410301c15d64610b54a1da634918b4b

    SHA512

    d80a4cfd46a63a02d7d688a3ef671e263cf1659ff0024faf0d3a4f178080f9f46ed5d7fa89ca47b49742a52ddb19f7543306fb5018b7f43a098c9420f015db5b

    Download Submit

  • memory/3616-0-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/3616-1-0x00000000001C0000-0x00000000001E1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/3616-2-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3616-17-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3724-16-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/3724-18-0x00000000001D0000-0x00000000001F1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/3724-27-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download