Overview

overview

7

Static

static

7

41f76e9d7d...ac.exe

windows7-x64

7

41f76e9d7d...ac.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-01-2024 21:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    41f76e9d7d97c11225191c988f350aac.exe

  • Size

    10.7MB

  • MD5

    41f76e9d7d97c11225191c988f350aac

  • SHA1

    9bae47a8e759345f6af4103d9664940dab9c4ba7

  • SHA256

    a543b996955e8dc821a7192cd4d81871d7911cc838f2b6c7ec396e02ae8932ae

  • SHA512

    13d278da0a8fae94181061cf2781c896e7f693ca73d35a8ea28d034f3db952f3a9f3d7ccd031b0dc3db8e700dc70e54617e82dc05af480db086d9062b633cf41

  • SSDEEP

    196608:E5w/7Y3pLQd7S0DTvK6a3pLQd7lBAt3pLQd7S0DTvK6a3pLQd7:E5Uk3pLQd7S0Duz3pLQd7lB43pLQd7SO

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\41f76e9d7d97c11225191c988f350aac.exe
    "C:\Users\Admin\AppData\Local\Temp\41f76e9d7d97c11225191c988f350aac.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2560
    • C:\Users\Admin\AppData\Local\Temp\41f76e9d7d97c11225191c988f350aac.exe
      C:\Users\Admin\AppData\Local\Temp\41f76e9d7d97c11225191c988f350aac.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\41f76e9d7d97c11225191c988f350aac.exe
    Filesize

    178KB

    MD5

    a3fc72f421dee2e7a6689c20d3fa2e1c

    SHA1

    7a377d08ae1c67f1601697ca86f87691e0aca48e

    SHA256

    bae2db2802c401863f9af5a18ebdd0fa2f9ea2815a376ab8e9d16ed62e5430a9

    SHA512

    b420ae036b410cdc17ccdda81e5bb3ebfcaa35939253c5e94ed8579d85b9cb70412565dd2024b9b3aaa6641deb01c618b83b0b448c15a405aa3ba6991d1ac4a8

    Download Submit

  • memory/2560-0-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2560-1-0x0000000001870000-0x0000000001982000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2560-2-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2560-15-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2576-17-0x0000000001C70000-0x0000000001D82000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2576-16-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2576-14-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2576-24-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download