Overview

overview

7

Static

static

7

0dd1bb5f84...f7.exe

windows7-x64

7

0dd1bb5f84...f7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 04:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0dd1bb5f84e5c1a1d78bb2d9dc5cc3f7.exe

  • Size

    5.8MB

  • MD5

    0dd1bb5f84e5c1a1d78bb2d9dc5cc3f7

  • SHA1

    084a23eb3a750dc92899f42d54d1d6d0a80f90a0

  • SHA256

    541c1aece5c24a28d0f68fb585ea74cc8ba3be6badb41f249cc18af94a9773de

  • SHA512

    ed673c42f46c70020c38b89d651ab5856670b6657a0a3418a960d70b04615ca09bc3c12b6ba30cd7574a5c9dc23677bbf7abcee680a4d32e04ee0d2aa7ab69d9

  • SSDEEP

    98304:8HMfqnF8GGQZaXhP5a9UEI+eG9jAkbkR79D+cVItGQZaXhP5a9UEI+eG:1yqwGhRaaCkN9qHGhRa

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0dd1bb5f84e5c1a1d78bb2d9dc5cc3f7.exe
    "C:\Users\Admin\AppData\Local\Temp\0dd1bb5f84e5c1a1d78bb2d9dc5cc3f7.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2296
    • C:\Users\Admin\AppData\Local\Temp\0dd1bb5f84e5c1a1d78bb2d9dc5cc3f7.exe
      C:\Users\Admin\AppData\Local\Temp\0dd1bb5f84e5c1a1d78bb2d9dc5cc3f7.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2904

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\0dd1bb5f84e5c1a1d78bb2d9dc5cc3f7.exe
          Filesize

          93KB

          MD5

          8c2c07d85f35c34ba5e1a6287e4fe63e

          SHA1

          9ddb16c42455980e56aaecc9e1b1949a9e39efdb

          SHA256

          665343d96a11b17a5fba336e038173e156e86aa0d3426c69b9cddfe7725e9024

          SHA512

          b1968393182be3b3f36a797ad7486b0cc3fff1620a0c886fe84d1d3332a44acb572110d51cb25a8d171d98f93f7c93099485872ed172ca603abf1d46bee38f57

          Download Submit

        • memory/2296-0-0x0000000000400000-0x00000000008EF000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/2296-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2296-2-0x0000000000400000-0x000000000062A000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/2296-12-0x0000000000400000-0x000000000062A000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/2904-16-0x0000000001CC0000-0x0000000001DF3000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2904-21-0x0000000000400000-0x000000000061D000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/2904-20-0x00000000055C0000-0x00000000057EA000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/2904-14-0x0000000000400000-0x00000000008EF000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/2904-13-0x0000000000400000-0x000000000062A000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/2904-28-0x0000000000400000-0x00000000008EF000-memory.dmp

          Filesize

          4.9MB

          Download