Overview

overview

7

Static

static

7

0c0065a54b...27.exe

windows7-x64

7

0c0065a54b...27.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 02:41

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0c0065a54b59da7121f908f8d0e8dd27.exe

  • Size

    2.9MB

  • MD5

    0c0065a54b59da7121f908f8d0e8dd27

  • SHA1

    18c3c40be57c62e1994c494eb07b7d58fa932c53

  • SHA256

    1165037452ee5f6f2077e89f26271bdb52cb568605003bc3919b42c1d690d64b

  • SHA512

    e6867e8e79249ed2ab8f47b6c7da2b2a22e0821e7ffd5f91fa3f59fd9c0e10b2645b340c38df24f1e315974c9c2ac45c4bea71763181c400738b4b9eac4b06a8

  • SSDEEP

    49152:lzvudgj/vzdQvNs/1HK9z7/GkYWrcLWjI5ty9pdspUgv4aylxwi4NmYRjSR6C3qi:lzvudgjzdWNs/49nQWKWj19pdspU3wiv

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0c0065a54b59da7121f908f8d0e8dd27.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0065a54b59da7121f908f8d0e8dd27.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2216
    • C:\Users\Admin\AppData\Local\Temp\7zS17F4.tmp\install.exe
      .\install.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2468

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2216-1-0x0000000000240000-0x0000000000288000-memory.dmp

          Filesize

          288KB

          Download

        • memory/2216-0-0x0000000000400000-0x0000000000448000-memory.dmp

          Filesize

          288KB

          Download

        • memory/2216-71-0x0000000000400000-0x0000000000448000-memory.dmp

          Filesize

          288KB

          Download