Overview

overview

7

Static

static

7

36c5945f1b...84.exe

windows7-x64

7

36c5945f1b...84.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    177s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31-12-2023 12:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    36c5945f1b72b80248f6e65549bda284.exe

  • Size

    18KB

  • MD5

    36c5945f1b72b80248f6e65549bda284

  • SHA1

    8dc98741f95ae8fd348ae750986e53ed49dd3d36

  • SHA256

    f31887dbf62435a07652d48982dc6b6139cde9dfd9567fd618a8d0562e7fdf2d

  • SHA512

    05344c4c1c12125e888bba599e68dd17a027d96b8842603a0d3ed53125d99add0a0ad1db10db734962bb3803d7f4a1398a7b1bbec9935e86793e4490f0fd6870

  • SSDEEP

    384:chbIBVFTElh1WDjnacEsGmF5x9gT+3sfuLtXwEJrZYruUSNJ+W85:PFT6h1mbatsdF/+a3Xd7yuUSNJg

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\36c5945f1b72b80248f6e65549bda284.exe
    "C:\Users\Admin\AppData\Local\Temp\36c5945f1b72b80248f6e65549bda284.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2684
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 36
      2⤵
      • Program crash
      PID:2872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2684-1-0x0000000010000000-0x0000000010011000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2684-2-0x0000000010000000-0x0000000010011000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2684-3-0x0000000010000000-0x0000000010011000-memory.dmp

    Filesize

    68KB

    Download