Overview

overview

7

Static

static

3

28ac1d11f1...a3.exe

windows7-x64

7

28ac1d11f1...a3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 04:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    28ac1d11f1035d49809f72f1dd4901a3.exe

  • Size

    413KB

  • MD5

    28ac1d11f1035d49809f72f1dd4901a3

  • SHA1

    98e50d5857a6da23c266a1af637dc5a3f5f404e2

  • SHA256

    84c862fb194a8a0aaf91ebe456ce73d65953e40feb3f291111b7f4ee677d3f76

  • SHA512

    9a47c2bcfdc7c3e3ef01828a132415e2cddafa23a74194501efea5662363162d1c9a65829d08d0a06fe73492ec86a54af394b1f19f5d100da2bec4a0e2b1c6fb

  • SSDEEP

    6144:77/7Wn2iBqScSkltGne4D64jdMcmR5HYfEsq4DKxZtmCmUbLZOTvoU:77TykFILjdbmR54csq4DK/tOTwU

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\28ac1d11f1035d49809f72f1dd4901a3.exe
    "C:\Users\Admin\AppData\Local\Temp\28ac1d11f1035d49809f72f1dd4901a3.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2064
    • C:\ProgramData\cG05066CmKcJ05066\cG05066CmKcJ05066.exe
      "C:\ProgramData\cG05066CmKcJ05066\cG05066CmKcJ05066.exe" "C:\Users\Admin\AppData\Local\Temp\28ac1d11f1035d49809f72f1dd4901a3.exe"
      2⤵
        PID:2996

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \ProgramData\cG05066CmKcJ05066\cG05066CmKcJ05066.exe
      Filesize

      46KB

      MD5

      8c8cbbd2221b842266acda3ed6a47bc2

      SHA1

      932dfd8892370b3eac5fb049dfdf6ed92b5b58a4

      SHA256

      2f793de73e22d319fed806f5db72e86bb7ab368a8e256337ba3ff54e1286f0f2

      SHA512

      6f8ac6e31d485cf2b627f3337664940f4446ca198780a7c42512221a578eecfdbb78f66ac132471e2d0e34248f29eb62c032e0f2e8f4f03643c4d0ca871dee48

      Download Submit

    • memory/2064-0-0x0000000000240000-0x0000000000243000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2064-1-0x0000000000400000-0x00000000004D2000-memory.dmp

      Filesize

      840KB

      Download

    • memory/2064-10-0x0000000000400000-0x00000000004D2000-memory.dmp

      Filesize

      840KB

      Download

    • memory/2064-29-0x0000000000400000-0x00000000004D2000-memory.dmp

      Filesize

      840KB

      Download

    • memory/2996-31-0x0000000000400000-0x00000000004D2000-memory.dmp

      Filesize

      840KB

      Download