Overview

overview

7

Static

static

7

41f76e9d7d...ac.exe

windows7-x64

7

41f76e9d7d...ac.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    04-01-2024 21:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    41f76e9d7d97c11225191c988f350aac.exe

  • Size

    10.7MB

  • MD5

    41f76e9d7d97c11225191c988f350aac

  • SHA1

    9bae47a8e759345f6af4103d9664940dab9c4ba7

  • SHA256

    a543b996955e8dc821a7192cd4d81871d7911cc838f2b6c7ec396e02ae8932ae

  • SHA512

    13d278da0a8fae94181061cf2781c896e7f693ca73d35a8ea28d034f3db952f3a9f3d7ccd031b0dc3db8e700dc70e54617e82dc05af480db086d9062b633cf41

  • SSDEEP

    196608:E5w/7Y3pLQd7S0DTvK6a3pLQd7lBAt3pLQd7S0DTvK6a3pLQd7:E5Uk3pLQd7S0Duz3pLQd7lB43pLQd7SO

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\41f76e9d7d97c11225191c988f350aac.exe
    "C:\Users\Admin\AppData\Local\Temp\41f76e9d7d97c11225191c988f350aac.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1652
    • C:\Users\Admin\AppData\Local\Temp\41f76e9d7d97c11225191c988f350aac.exe
      C:\Users\Admin\AppData\Local\Temp\41f76e9d7d97c11225191c988f350aac.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\41f76e9d7d97c11225191c988f350aac.exe
    Filesize

    23KB

    MD5

    4090e13cffc5ad88a8601365fcb02a5e

    SHA1

    0b394b66b142d1734adeaa98c00196326d0e8425

    SHA256

    8c5e8abd670ee0c9ecaf31d7c832f34ee2927570b1bf74e972eb7387a30fa134

    SHA512

    1d62695910718e06a8d594997e3199dd73f240f4dd61b63f07a022bf3f8447d5ac7c8d9cd50ca0dc20ec7d80588f3da4932edcfca4355c99dda96c014b97ac6d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\41f76e9d7d97c11225191c988f350aac.exe
    Filesize

    36KB

    MD5

    0a4c709dfd3bc2b93447369cb6659abc

    SHA1

    bb1464822ffd3154e984f23d02ec32e6365dab7b

    SHA256

    e5388e70bf887b2aa79c8e1d78e171fac158876fa3872398feb8a50200aa991c

    SHA512

    e0aa9204cffca1f4f800a4f7fcc4c18c8d38e2ab64f3a739092506bcf931130b7e3ac62b6120c0cfc4a9384b283ea2eb290b2dce9452cb421b303602b38b7886

    Download Submit

  • memory/1652-2-0x0000000000130000-0x0000000000242000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1652-1-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1652-0-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/1652-16-0x0000000004800000-0x0000000004C6A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/1652-15-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1652-26-0x0000000004800000-0x0000000004C6A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2064-18-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2064-20-0x0000000000130000-0x0000000000242000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2064-17-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2064-27-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download