Overview

overview

7

Static

static

7

38f58bf4aa...70.exe

windows7-x64

7

38f58bf4aa...70.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    152s
  • max time network
    175s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 14:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    38f58bf4aa9cc472becde9d0830f9170.exe

  • Size

    34KB

  • MD5

    38f58bf4aa9cc472becde9d0830f9170

  • SHA1

    5c705d9d31c091f1e97d6baa6b80ff53e92e3f49

  • SHA256

    b7e6ced455a38e4838a37df9b01888dcd6f1825db63d0b1a462ba0dc01fc31bc

  • SHA512

    fc63fcdebd1d0cb6424dc6f47a2d66dfad12f02f436c99e01efea16ffb34ad8e3c25786b9ee66f60dc8d30385e68b0a2aa83f87b1bbb0a103185478ba32cab25

  • SSDEEP

    768:POkMJ4+MyblA8Vsn1dr6xkOgKQryICcizus9u1gj:GmoRVsnfaXgKQrKciaslj

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\38f58bf4aa9cc472becde9d0830f9170.exe
    "C:\Users\Admin\AppData\Local\Temp\38f58bf4aa9cc472becde9d0830f9170.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2492-0-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2492-4-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2492-11-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download