Overview

overview

7

Static

static

7

37882231ea...39.exe

windows7-x64

7

37882231ea...39.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 13:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    37882231ea4d42523c67f1e823abfa39.exe

  • Size

    805KB

  • MD5

    37882231ea4d42523c67f1e823abfa39

  • SHA1

    5f9a264857f9794c2a728a01d1cfa7556e9560f3

  • SHA256

    063eb790f1008ac1c48f3915e7adad8af5c49c60835eadcebf7512cac34641b4

  • SHA512

    98368ea758aed1893cdb6acf29dc852a5e2f07216d024fe4ddcfce79e798f8d2c2ee777627104dd1bd0010b79ef10711909463530db605a30dec8647184b1072

  • SSDEEP

    24576:OZgQdNnVpyPul3hdVcN/KuJg/kmd9p2q+:mNTWPm3tcZKuJqkkG

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\37882231ea4d42523c67f1e823abfa39.exe
    "C:\Users\Admin\AppData\Local\Temp\37882231ea4d42523c67f1e823abfa39.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3316
    • C:\Users\Admin\AppData\Local\Temp\setup.exe
      C:\Users\Admin\AppData\Local\Temp\setup.exe relaunch
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1012
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 1632
        3⤵
        • Program crash
        PID:2436
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1012 -ip 1012
    1⤵
      PID:4108

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\setup.exe
            Filesize

            805KB

            MD5

            37882231ea4d42523c67f1e823abfa39

            SHA1

            5f9a264857f9794c2a728a01d1cfa7556e9560f3

            SHA256

            063eb790f1008ac1c48f3915e7adad8af5c49c60835eadcebf7512cac34641b4

            SHA512

            98368ea758aed1893cdb6acf29dc852a5e2f07216d024fe4ddcfce79e798f8d2c2ee777627104dd1bd0010b79ef10711909463530db605a30dec8647184b1072

            Download Submit

          • memory/1012-6-0x0000000000CB0000-0x0000000000F0C000-memory.dmp

            Filesize

            2.4MB

            Download

          • memory/1012-7-0x0000000000CB0000-0x0000000000F0C000-memory.dmp

            Filesize

            2.4MB

            Download

          • memory/3316-0-0x0000000000AD0000-0x0000000000D2C000-memory.dmp

            Filesize

            2.4MB

            Download

          • memory/3316-5-0x0000000000AD0000-0x0000000000D2C000-memory.dmp

            Filesize

            2.4MB

            Download