Overview

overview

7

Static

static

7

1df6b8284f...65.exe

windows7-x64

7

1df6b8284f...65.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2023 22:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1df6b8284f2ee66d546efa938f571765.exe

  • Size

    1.1MB

  • MD5

    1df6b8284f2ee66d546efa938f571765

  • SHA1

    f56428c36db6657f2b90fe691d19439cb7159013

  • SHA256

    2001fa457ae8c2ec82ee261e185b842b622bae3ead54e68434899a182190ddbe

  • SHA512

    d6f38989469551d4f2032538043aba9a30e76d03b86d594cdc7d8736f150b2c593117aff9388d807628d7afbfdbc5edb5831dd03696d72ed724d986145c5f8c4

  • SSDEEP

    24576:1NHlDWGouKPL+mk2ksI/rq38Xn27Y+A4eoEdbMP6KmZmY0x3ZWUhPokTM:1/XoVL+J2j9MXyY+ibNC643n9o3

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1df6b8284f2ee66d546efa938f571765.exe
    "C:\Users\Admin\AppData\Local\Temp\1df6b8284f2ee66d546efa938f571765.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1492
    • C:\Users\Admin\AppData\Local\Temp\setup.exe
      C:\Users\Admin\AppData\Local\Temp\setup.exe relaunch
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3364
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 1600
        3⤵
        • Program crash
        PID:3764
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3364 -ip 3364
    1⤵
      PID:1444

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\setup.exe
      Filesize

      1.1MB

      MD5

      1df6b8284f2ee66d546efa938f571765

      SHA1

      f56428c36db6657f2b90fe691d19439cb7159013

      SHA256

      2001fa457ae8c2ec82ee261e185b842b622bae3ead54e68434899a182190ddbe

      SHA512

      d6f38989469551d4f2032538043aba9a30e76d03b86d594cdc7d8736f150b2c593117aff9388d807628d7afbfdbc5edb5831dd03696d72ed724d986145c5f8c4

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\setup.exe
      Filesize

      898KB

      MD5

      1b693805f2645a57084bdc85eab7cd15

      SHA1

      11471486fcdd18acb099bc48b57d91996e1f2ee5

      SHA256

      231d05ceffb7f1737c3c70993e41583483baabde69b41d63dd93b50b705a8aca

      SHA512

      76df2db476fc4636d4202bee0d1f70480a30ba02a10f8f8b79b43686d50af12188bb3687746c44ef7bfb75493976ada429abc5ab87f8300be22a923b49aefec6

      Download Submit

    • memory/1492-0-0x0000000000FE0000-0x0000000001234000-memory.dmp

      Filesize

      2.3MB

      Download

    • memory/1492-5-0x0000000000FE0000-0x0000000001234000-memory.dmp

      Filesize

      2.3MB

      Download

    • memory/3364-6-0x00000000009C0000-0x0000000000C14000-memory.dmp

      Filesize

      2.3MB

      Download

    • memory/3364-7-0x00000000009C0000-0x0000000000C14000-memory.dmp

      Filesize

      2.3MB

      Download