Overview

overview

7

Static

static

7

24c95912e9...b9.exe

windows7-x64

7

24c95912e9...b9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    4s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2023 02:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    24c95912e9c0cf7714f03e8e33ee43b9.exe

  • Size

    10.2MB

  • MD5

    24c95912e9c0cf7714f03e8e33ee43b9

  • SHA1

    e76f8dbaabd868500c206408f14f4c2b47d1c332

  • SHA256

    f579a519615460e8cce1555bac82c1489de87778a72c4b9fe5f5816234f21566

  • SHA512

    73bf38f8eb8d88e445f7e541be54af6f36969f004fdc4b512ff2b04754ef1fb6e9ec125c8ce78662957836e85960b029263fb0b7a6fa35ab9548560c8e0dfe4a

  • SSDEEP

    98304:piT1IyKVaWhh30g2yOEjjs9/g39uAESR3JWMeWl6830g2yOEjjs9/g3:piT1lgaWoZUju/FShJWHtZUju/

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\24c95912e9c0cf7714f03e8e33ee43b9.exe
    "C:\Users\Admin\AppData\Local\Temp\24c95912e9c0cf7714f03e8e33ee43b9.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3684
    • C:\Users\Admin\AppData\Local\Temp\24c95912e9c0cf7714f03e8e33ee43b9.exe
      C:\Users\Admin\AppData\Local\Temp\24c95912e9c0cf7714f03e8e33ee43b9.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\24c95912e9c0cf7714f03e8e33ee43b9.exe
    Filesize

    382KB

    MD5

    64a2e566a8f340f7fce11063a750e11e

    SHA1

    3e289f6de9d9e13ebad31c99947dd74a8b216fb1

    SHA256

    2c28f91835592a060a1214b95c4b19e97944a9a62f06e85e5406d778b0e96a39

    SHA512

    226f58476116191983f5c2a07b17c8392af03d508bd856f10aefb7b8be8a49bfcd8301d9c7f887538a4036cf7e7fe26714fca58a492a662a727c1b188be6155a

    Download Submit

  • memory/3684-0-0x0000000000400000-0x0000000000D9E000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3684-2-0x0000000000400000-0x0000000000605000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3684-1-0x0000000002270000-0x00000000024CA000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/3684-13-0x0000000000400000-0x0000000000605000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3892-15-0x0000000000400000-0x0000000000D9E000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3892-17-0x0000000002320000-0x000000000257A000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/3892-30-0x0000000000400000-0x0000000000D9E000-memory.dmp

    Filesize

    9.6MB

    Download