Overview

overview

7

Static

static

7

2a30ca4573...03.exe

windows7-x64

7

2a30ca4573...03.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2023 05:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2a30ca4573dd86b58163c684d28ea603.exe

  • Size

    1.3MB

  • MD5

    2a30ca4573dd86b58163c684d28ea603

  • SHA1

    8a82e1bb1a5efec08015ecbe47b417c7ff1de07c

  • SHA256

    6d15dd98bd82cb73b5653d38ab12054485fd6b5d8072c1062f3a253570749d5d

  • SHA512

    255bbd3258d027b0b18855fafa28334e5a43fb5108ab731528e358627a4fb8d72dba08e33414918fe3224b1279ef6af98a3e48735963412f284eebe0f7172c10

  • SSDEEP

    24576:myRG8EsC0xz9Ge7LYTpUjIj6A1GqNAbcIq8u2bgEI2vG:HobfCzsC2GatSg

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2a30ca4573dd86b58163c684d28ea603.exe
    "C:\Users\Admin\AppData\Local\Temp\2a30ca4573dd86b58163c684d28ea603.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2132
    • C:\Users\Admin\AppData\Local\Temp\2a30ca4573dd86b58163c684d28ea603.exe
      C:\Users\Admin\AppData\Local\Temp\2a30ca4573dd86b58163c684d28ea603.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2a30ca4573dd86b58163c684d28ea603.exe
    Filesize

    129KB

    MD5

    2db1ec362bda0ae049dbb26215a96899

    SHA1

    c15825295ebf7e3a4cf44507502dc2574b565b9e

    SHA256

    e3ab42d3993cc5b8d1b973b388b7e037993ba12ebaf30e4faeec0f6cda5b7a0f

    SHA512

    562bc5ccdae77dd4d68438a29e01d706054b54a3b2172e3b5e64c698f18021b242944bc442bb5195cde4ac9af3aa4684ebcadac346f6cc8edfdf75e57f8d583f

    Download Submit

  • memory/2132-0-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2132-2-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2132-13-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2132-1-0x0000000001CE0000-0x0000000001DF2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2396-15-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2396-14-0x0000000001CE0000-0x0000000001DF2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2396-17-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2396-23-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download