Overview

overview

7

Static

static

7

2388ef6542...e3.exe

windows7-x64

7

2388ef6542...e3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 01:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2388ef6542cb8646bddb14ef355a6ee3.exe

  • Size

    56KB

  • MD5

    2388ef6542cb8646bddb14ef355a6ee3

  • SHA1

    d11153d61dfdd41453b9329397a6ebdc93ea43d4

  • SHA256

    8a77c8eb7a429060d5abdc9082adadc71a3a3b24fda892d9188d95610776afb1

  • SHA512

    b2598683920ed4526e1f6f4fde8d5578cac20a996a87db37738dd0f57d19d3bf41fea7b1a05653ee337ee4dd5b7474ae59d791040a7b158d149b15bf262b1c7b

  • SSDEEP

    1536:In/F5zEmHs9a6h6B2BlaD9ApWGSx2jSUjmiG0sy8G0aqM:I//BHs9jg4WijjJV8r

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2388ef6542cb8646bddb14ef355a6ee3.exe
    "C:\Users\Admin\AppData\Local\Temp\2388ef6542cb8646bddb14ef355a6ee3.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4588
    • C:\Users\Admin\AppData\Local\Temp\2388ef6542cb8646bddb14ef355a6ee3.exe
      C:\Users\Admin\AppData\Local\Temp\2388ef6542cb8646bddb14ef355a6ee3.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4664

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\2388ef6542cb8646bddb14ef355a6ee3.exe
          Filesize

          56KB

          MD5

          41bc663b8d6d163494786bc2407b2a4c

          SHA1

          6ac69a5e946d0ae2458318956714b3fe0c097e20

          SHA256

          85dfbd489a626f89ebebb84218cd9ebf23fe24f99cc940baf0cf1573d4b6ea9f

          SHA512

          e7e953b43261fbcadb5b37db014e9a5c83e241b9e899f0646f980e66598445448fbe68a1bf507a9e3f9f9c48cc78c19e9ca7660084acb17876a545ce5ce3259c

          Download Submit

        • memory/4588-0-0x0000000000400000-0x000000000043A000-memory.dmp

          Filesize

          232KB

          Download

        • memory/4588-1-0x00000000001B0000-0x00000000001BE000-memory.dmp

          Filesize

          56KB

          Download

        • memory/4588-12-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/4588-2-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/4664-25-0x00000000014C0000-0x00000000014DB000-memory.dmp

          Filesize

          108KB

          Download

        • memory/4664-20-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/4664-15-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/4664-14-0x0000000000400000-0x000000000043A000-memory.dmp

          Filesize

          232KB

          Download

        • memory/4664-13-0x00000000000C0000-0x00000000000CE000-memory.dmp

          Filesize

          56KB

          Download

        • memory/4664-26-0x0000000000400000-0x000000000043A000-memory.dmp

          Filesize

          232KB

          Download