Overview

overview

7

Static

static

7

1ffc2c26ab...b6.exe

windows7-x64

7

1ffc2c26ab...b6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2023 23:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1ffc2c26ab31b537d7899a9f031db5b6.exe

  • Size

    10.7MB

  • MD5

    1ffc2c26ab31b537d7899a9f031db5b6

  • SHA1

    72d6e7350529d54db43ecc7fdaab04faa4ad2fae

  • SHA256

    edda1f75843df9a7fa61712ba133330248b20d0ed0d314ec11d2019750a73499

  • SHA512

    8c4bf2628de439499f37010ae4e73623beb4f487e4096e5d90ce1cd3cd850dbcd6287de084f7b42a21d5d0df31d4adf669e8185671a3429ec091dc94372aba9e

  • SSDEEP

    196608:XYcQl6YrAsgdsODCF6B/rAsgVt8Cr0rAsgdsODCF6B/rAsg:Ixs6AcOW6A/rreAcOW6A

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ffc2c26ab31b537d7899a9f031db5b6.exe
    "C:\Users\Admin\AppData\Local\Temp\1ffc2c26ab31b537d7899a9f031db5b6.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2816
    • C:\Users\Admin\AppData\Local\Temp\1ffc2c26ab31b537d7899a9f031db5b6.exe
      C:\Users\Admin\AppData\Local\Temp\1ffc2c26ab31b537d7899a9f031db5b6.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1ffc2c26ab31b537d7899a9f031db5b6.exe
    Filesize

    96KB

    MD5

    8bada34ed52563ff0df2d8c6c4f907e1

    SHA1

    78b70c4a665e0efc08760318ec0bf81e3507c267

    SHA256

    a7f4862ddb647e398da2dbced23c018927df04e480cb1cbde5b55f26eabf425f

    SHA512

    653c64664107e04b9f6877f924911c828428eab12ab83354870c81b32a599bb2a3ab4e7a65bd73711f12655d3a81ee441aa405d767cb96c2f42d878be1cf71c3

    Download Submit

  • memory/2816-1-0x0000000001C70000-0x0000000001D82000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2816-2-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2816-0-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2816-15-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3096-17-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/3096-19-0x0000000001CF0000-0x0000000001E02000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/3096-14-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3096-24-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download