Overview

overview

7

Static

static

7

294a39f20e...b2.exe

windows7-x64

7

294a39f20e...b2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 05:05

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    294a39f20e81a25aa053258594c8e8b2.exe

  • Size

    5.8MB

  • MD5

    294a39f20e81a25aa053258594c8e8b2

  • SHA1

    acbf61890cb8ed55eaff416c926d27f1809e7e42

  • SHA256

    e63e824440eb8e095e0997c5d37000b53f97756d918e646c091103c8cc74ade8

  • SHA512

    f3f1089148cd8a91545674d95543d66a3ca7f5b94d3e9af8646b1e1a4f45b3ef8ff5c9b3ea1b9c45c9731bb3f1024e916572bbcd19be055a504bbb98d2eee4f2

  • SSDEEP

    98304:wjEcRM37u/3KpC3Zgg3gnl/IVUs1jePsym6ljRF+e4GAgg3gnl/IVUs1jePs:o/3LPgl/iBiPRvRMeSgl/iBiP

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\294a39f20e81a25aa053258594c8e8b2.exe
    "C:\Users\Admin\AppData\Local\Temp\294a39f20e81a25aa053258594c8e8b2.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1392
    • C:\Users\Admin\AppData\Local\Temp\294a39f20e81a25aa053258594c8e8b2.exe
      C:\Users\Admin\AppData\Local\Temp\294a39f20e81a25aa053258594c8e8b2.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2144

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\294a39f20e81a25aa053258594c8e8b2.exe
          Filesize

          92KB

          MD5

          85e59a8e3386c80154f4ab328cb49dd3

          SHA1

          0d4ba81cd406e6823dc8091c7a182f99950eb68b

          SHA256

          dc95a9eff8407ac830a75124bfdea444f8b449880e72b4e9cc17747568f276aa

          SHA512

          bee56e50a15748634bdb852fae550cf343423a5afeeb5672a811d99901c5198a28f75332a8a2e4c4fe3034957cdc861159997494cb9067f59cc80eec4da2aef9

          Download Submit

        • memory/1392-14-0x0000000000400000-0x000000000062A000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/1392-0-0x0000000000400000-0x000000000062A000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/1392-15-0x0000000004080000-0x000000000456F000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1392-1-0x0000000000400000-0x00000000008EF000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1392-3-0x00000000002A0000-0x00000000003D3000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1392-31-0x0000000004080000-0x000000000456F000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/2144-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2144-17-0x0000000000400000-0x00000000008EF000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/2144-24-0x0000000003410000-0x000000000363A000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/2144-23-0x0000000000400000-0x000000000061D000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/2144-16-0x0000000000400000-0x000000000062A000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/2144-32-0x0000000000400000-0x00000000008EF000-memory.dmp

          Filesize

          4.9MB

          Download