Overview

overview

7

Static

static

7

0c5e458220...99.exe

windows7-x64

7

0c5e458220...99.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    205s
  • max time network
    219s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 03:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0c5e458220d4511d4354babff812ad99.exe

  • Size

    1.3MB

  • MD5

    0c5e458220d4511d4354babff812ad99

  • SHA1

    241930fcfe0b76e1943c309bb14cf0a48c45bb91

  • SHA256

    98be4baa411b9a1235f5d4f27b2ca8808ce50f4a119af02a5e4b4ec299de597e

  • SHA512

    434b5eebb9a113a1a861c41af33f435641c33ebb2f65663567ec69e7323c75859061a9e897c37d87df6d692c55983888c8482f64ce92e541b3fc8ba9003da996

  • SSDEEP

    24576:T2+KJlxfiBYhT7UsDjHn13qq7B3AKtG+5CJJT2khW3nDw21C1SawpWCxF+LlWc:i+euBUIW3HlQKILPqQW3PCwBb+Llp

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0c5e458220d4511d4354babff812ad99.exe
    "C:\Users\Admin\AppData\Local\Temp\0c5e458220d4511d4354babff812ad99.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Users\Admin\AppData\Local\Temp\0c5e458220d4511d4354babff812ad99.exe
      C:\Users\Admin\AppData\Local\Temp\0c5e458220d4511d4354babff812ad99.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\0c5e458220d4511d4354babff812ad99.exe
    Filesize

    849KB

    MD5

    a22fb1335a04d86aced3e3301309abe5

    SHA1

    f4313adb8c5c8b7927b2bf34fc249307d1e2e6be

    SHA256

    84084ef386b365d286ceb493acee128a1531cf70351cdf47b413532deabd5798

    SHA512

    d1afd42dd5ae0c96f648a59213a3e4ebfdbf671cd62ae29cd2d794d25a22c90da258fc0df52405ea7bb117c7b0f0d25b4b0f0dcc265d7010a622c6a7bc1fb883

    Download Submit

  • memory/2148-0-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2148-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2148-2-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2148-12-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/4592-13-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/4592-14-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/4592-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4592-20-0x0000000005680000-0x00000000058AA000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/4592-21-0x0000000000400000-0x000000000061D000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4592-28-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download