Overview

overview

7

Static

static

7

3ee2fb8371...cb.exe

windows7-x64

7

3ee2fb8371...cb.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/01/2024, 19:31

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3ee2fb837141f7fb4f0077009b2f04cb.exe

  • Size

    10.6MB

  • MD5

    3ee2fb837141f7fb4f0077009b2f04cb

  • SHA1

    89d0cdaf14d451e638a4576e140a5902b4b19585

  • SHA256

    d555ad5abaaf2831b164b1d0283fa2a3cff6c5cfb9c4ab771f8cb24ac6e79a55

  • SHA512

    87f86fed2a09f7d92657c536a1ae6490a49b98069da30a1d9f15faa92d1f786c8e1133001119a8ff2e0a0eba3466b6f4180d89302713859be6aebe27cd530111

  • SSDEEP

    196608:lmxs2AschDHIxlWXSyRloWYOschDHIDnPkxlLktIjGRschDHIxlWXSyRloWYOscY:lmy20DHElOSZSDH4nPkxRGNDHElOSZSa

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ee2fb837141f7fb4f0077009b2f04cb.exe
    "C:\Users\Admin\AppData\Local\Temp\3ee2fb837141f7fb4f0077009b2f04cb.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1216
    • C:\Users\Admin\AppData\Local\Temp\3ee2fb837141f7fb4f0077009b2f04cb.exe
      C:\Users\Admin\AppData\Local\Temp\3ee2fb837141f7fb4f0077009b2f04cb.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3808

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1216-0-0x0000000000400000-0x00000000008E7000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1216-2-0x0000000000400000-0x0000000000622000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1216-1-0x0000000001C90000-0x0000000001DC1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-12-0x0000000000400000-0x0000000000622000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/3808-13-0x0000000000400000-0x00000000008E7000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/3808-15-0x00000000018F0000-0x0000000001A21000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3808-14-0x0000000000400000-0x0000000000622000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/3808-22-0x0000000005680000-0x00000000058A2000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/3808-20-0x0000000000400000-0x0000000000616000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/3808-28-0x0000000000400000-0x00000000008E7000-memory.dmp

          Filesize

          4.9MB

          Download