Overview

overview

7

Static

static

7

3a0d48b0a0...6a.exe

windows7-x64

7

3a0d48b0a0...6a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    3s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31-12-2023 14:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a0d48b0a04608f932a0cdc59e81df6a.exe

  • Size

    133KB

  • MD5

    3a0d48b0a04608f932a0cdc59e81df6a

  • SHA1

    17a68ee7a126d5c08577b37145fdbb5de8e2058a

  • SHA256

    452c7d59d108c4ac8e99bca5add47409484899f906ab4a5d9ca64f8e3cf1aaca

  • SHA512

    986ab9c3584ad129156270b61119fa73088206de82837e2c384c6a71b2a3dd2fe503d058f093a897b91a7b5c53c8029577b488ba33b16f709dad3029c1bdbb33

  • SSDEEP

    3072:YRt9LpXh1pODnPxtaPEi7BShM+i2hwFkSCQ:Y/99h1pODfaPEmd+i2hwejQ

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a0d48b0a04608f932a0cdc59e81df6a.exe
    C:\Users\Admin\AppData\Local\Temp\3a0d48b0a04608f932a0cdc59e81df6a.exe
    1⤵
    • Deletes itself
    • Executes dropped EXE
    • Suspicious use of UnmapMainImage
    PID:2688
  • C:\Users\Admin\AppData\Local\Temp\3a0d48b0a04608f932a0cdc59e81df6a.exe
    "C:\Users\Admin\AppData\Local\Temp\3a0d48b0a04608f932a0cdc59e81df6a.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3a0d48b0a04608f932a0cdc59e81df6a.exe
    Filesize

    133KB

    MD5

    ac65978017c300484a828d11a0be596e

    SHA1

    c7113d729ded7e7484334c9887e64bb9065b8725

    SHA256

    0ea3cbf903187a9a1783d5064d27fb2c9a01c069f18f17409e8d4fcbfc3effa5

    SHA512

    fb384733c3aeaa3ae79fe9a09c467c58efd0cdf4fb8098269289939ec44b3ebb6796a5f2cb6ae72b4fe3f99b1204c31547990d7f4534c15edba9c98b8aec461e

    Download Submit

  • memory/2500-0-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/2500-2-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2500-1-0x0000000000150000-0x0000000000171000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2500-19-0x0000000002CB0000-0x0000000002D36000-memory.dmp

    Filesize

    536KB

    Download

  • memory/2500-15-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2688-16-0x0000000000150000-0x0000000000171000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2688-21-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/2688-40-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download