Overview

overview

7

Static

static

7

0e42dfcd5c...f0.exe

windows7-x64

7

0e42dfcd5c...f0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 04:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0e42dfcd5cb730784d4890726b0385f0.exe

  • Size

    1.3MB

  • MD5

    0e42dfcd5cb730784d4890726b0385f0

  • SHA1

    8aabbc5cf7ae828c940c6801a67dba54c1148ef8

  • SHA256

    2cda8c3ec0712239505f7956a12456f364f292904448a9b8183c9a2a20065edc

  • SHA512

    4a54b9a17bc934faee0166ec65aa1b0360ff9fde81bf2a541bc3b35ee9dbecd120b60682d82e98771f0a264937b5ff50fe4334f13cbfa1228d45e28919cc2625

  • SSDEEP

    24576:HagxN5epflmijZTfMyutTupJUG9UeapiGEP9NaQw0D3tMzvG:HamTepdmijZTENTuzUG+bVwNaQw0D9

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0e42dfcd5cb730784d4890726b0385f0.exe
    "C:\Users\Admin\AppData\Local\Temp\0e42dfcd5cb730784d4890726b0385f0.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Users\Admin\AppData\Local\Temp\0e42dfcd5cb730784d4890726b0385f0.exe
      C:\Users\Admin\AppData\Local\Temp\0e42dfcd5cb730784d4890726b0385f0.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\0e42dfcd5cb730784d4890726b0385f0.exe
    Filesize

    293KB

    MD5

    2cf5fb0885299670b18096bdd8dfb1ab

    SHA1

    d2db6fcfddf2616b7421c71c7e1d0c52d2ed0f9b

    SHA256

    eb63257ad477dc6c5a2c4deb16dd2898d8c39b5f74699281d022b1e20810787a

    SHA512

    cd33887d15f09759414022db86a76f80ede736d27cff85f8de86279a2ff0771b20ea8f64065e8dbd935f5f4e076c354cfa851e42a944fcfa4d128399c83e0859

    Download Submit

  • \Users\Admin\AppData\Local\Temp\0e42dfcd5cb730784d4890726b0385f0.exe
    Filesize

    376KB

    MD5

    48b25f397fbe55c1039498612caada07

    SHA1

    f434210f8ef3dcaa8429ab8c42e7af9f2e4daf4c

    SHA256

    bc7f25650635ec57ae1da5c7be75706d66f4a5b9c1d82bf82d1ec8828f7b22d7

    SHA512

    7312aff00918b08d61e3535354c04d67a0ad7dba8b4dd296272050e54bd20072c94bf9b3fe38dfa5a077f23652cf051db8d93f681e32a1c6a2d178afffa3fb44

    Download Submit

  • memory/2192-0-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2192-1-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2192-2-0x0000000001A60000-0x0000000001B72000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2192-15-0x0000000003580000-0x00000000039EA000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2192-14-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2812-17-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2812-19-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2812-18-0x0000000001A60000-0x0000000001B72000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2812-26-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download