Overview

overview

10

Static

static

3

277b80877f...b1.exe

windows7-x64

10

277b80877f...b1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2023 04:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    277b80877fc2effdede80a15a0a43db1.exe

  • Size

    167KB

  • MD5

    277b80877fc2effdede80a15a0a43db1

  • SHA1

    08abab37c0371f718cb5b6fde5402cf9e5d9eabc

  • SHA256

    4f8168dce8d3e492a35717c1550ccb86dbeab0e1a4e32963f5f8eb73bfdbeb1c

  • SHA512

    3336561ea5afea5b099a7fbc27808fc13052ea0b2694423b5be1fb05101321cd471a1da241626b8b915842d42f8d83e1152e07b7d12ed76bbc7736ba6a046e90

  • SSDEEP

    3072:63JBjl+LRzx8Sj3yTI9Uo66i2UmmCBl8PMFsaDSxKChgtCrWJ7Y:0JESSj7966dBLfDSxKCA7

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\277b80877fc2effdede80a15a0a43db1.exe
    "C:\Users\Admin\AppData\Local\Temp\277b80877fc2effdede80a15a0a43db1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1080
    • C:\Users\Admin\AppData\Local\Temp\277b80877fc2effdede80a15a0a43db1Srv.exe
      C:\Users\Admin\AppData\Local\Temp\277b80877fc2effdede80a15a0a43db1Srv.exe
      2⤵
      • Executes dropped EXE
      PID:5032
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 372 -p 5032 -ip 5032
    1⤵
      PID:800
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 288
      1⤵
      • Program crash
      PID:1460

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\277b80877fc2effdede80a15a0a43db1Srv.exe
      Filesize

      94KB

      MD5

      f6736faa3126f64ed4a7109e40c47806

      SHA1

      0d50917f44d6e173bac24916c95343616dcbf18c

      SHA256

      bc0cb854888c155cbfed860a6546bea3c82db643df30437fe14d91194939a874

      SHA512

      29cc26cd4df360252917a5d913e5e4776b6d05061b464f09dbb33918491affdc15cac9e142a9227a48f27d26db1f8ee85bd3d417365d6fef9b2fd380e090efe5

      Download Submit

    • memory/1080-0-0x0000000000400000-0x000000000042F000-memory.dmp

      Filesize

      188KB

      Download

    • memory/1080-5-0x0000000000400000-0x000000000042F000-memory.dmp

      Filesize

      188KB

      Download

    • memory/5032-7-0x0000000000400000-0x0000000000441000-memory.dmp

      Filesize

      260KB

      Download

    • memory/5032-6-0x00000000005A0000-0x00000000005A1000-memory.dmp

      Filesize

      4KB

      Download