Overview

overview

7

Static

static

7

1ba749bd73...cd.exe

windows7-x64

1

1ba749bd73...cd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2023 20:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1ba749bd73a0566091c21a79660a90cd.exe

  • Size

    1.3MB

  • MD5

    1ba749bd73a0566091c21a79660a90cd

  • SHA1

    862add4fc5924ec3cc1ed43f2af290c6a3af1bc5

  • SHA256

    cce6e26f28801c84292d31312b5435ee70332979c966b7d95fa7b81b8e124a8d

  • SHA512

    173d4c13cfe66b53f97726af5f91088b1fcb3117c9031c9868770272db9f130eaeb58cb49c6d57d2d50ed659d63cc79f1a664c5a8dce1a4c1c00ffd7de7416dc

  • SSDEEP

    24576:+k1waQSD9gqegHMcAuCSB/gF7fV3ZQIGxHGnCUDz3T3P62ig+vG:+keFSJLeg/AuCE4tXQtmntL62i

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ba749bd73a0566091c21a79660a90cd.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba749bd73a0566091c21a79660a90cd.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4816
    • C:\Users\Admin\AppData\Local\Temp\1ba749bd73a0566091c21a79660a90cd.exe
      C:\Users\Admin\AppData\Local\Temp\1ba749bd73a0566091c21a79660a90cd.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1ba749bd73a0566091c21a79660a90cd.exe
    Filesize

    49KB

    MD5

    a0e2e0e66e04a1f48bd283fc2b328313

    SHA1

    5eddcc0ccab244d77f800731f7e197b0ace4bf79

    SHA256

    342d36181859c0ea17fe035df25d57838ead4dabe1608786249849346b9b2d88

    SHA512

    ebca1ae859ca9a7f570760f2d43196ab8a4b160b310485964604af932184c30d0f236293fe70dce40069e2c0fc30429e3998b4db2451ecec336466666c27b11c

    Download Submit

  • memory/760-14-0x0000000001870000-0x0000000001982000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/760-17-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/760-15-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/760-23-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/4816-1-0x0000000001C40000-0x0000000001D52000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4816-0-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/4816-2-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4816-13-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download