17bd11d86c796ee99b3d1498de8a7991deeb991c89f93cb8017740c34053cb9b | Triage

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 12:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

X.exe
Size

39KB
MD5

a5f1ad106a65b097071d8397db5ed78a
SHA1

0b368490aaa267989d5a70b88f11513493d82b05
SHA256

31b5d8c021ab64237e7eee7bf043d0abb624ae238857616721a7e07fa7c0bd2d
SHA512

eea7f105bec3660d3fe65865a28dc39eb90446a3f0cd7b19c91c478c401d76b73e10207de33ea720e8c6319a6ebe5f14ec96fbadfd00ae0c4111cce4db5c7bf5
SSDEEP

768:D/qMNNJGiw2YJmOne9+RTQArtovGC2fj8rwuX+hCD3xJPro8f9h9x:GMFk27XMCH6j8rVwCdloK1x

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral3/memory/1316-0-0x0000000000400000-0x0000000000415000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1316	X.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1316 wrote to memory of 1248	1316	X.exe	28
PID 1316 wrote to memory of 1248	1316	X.exe	28
PID 1316 wrote to memory of 1248	1316	X.exe	28
PID 1316 wrote to memory of 1248	1316	X.exe	28
PID 1316 wrote to memory of 1248	1316	X.exe	28

C:\Users\Admin\AppData\Local\Temp\X.exe
"C:\Users\Admin\AppData\Local\Temp\X.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1316
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe"
  2⤵
  PID:1248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1316-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1316-1-0x0000000000220000-0x0000000000222000-memory.dmp

Filesize
8KB

Download
memory/1316-2-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1316-3-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download