Overview

overview

7

Static

static

7

426deeb82f...66.exe

windows7-x64

7

426deeb82f...66.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    137s
  • max time network
    173s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-01-2024 01:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    426deeb82fedba748adf56b8df9b5566.exe

  • Size

    1.3MB

  • MD5

    426deeb82fedba748adf56b8df9b5566

  • SHA1

    c21d5e333257f1cc298590ac57f14501a18ef98f

  • SHA256

    6109c0c0c6ea059e0fef926cf7366abe2f11a1e7bff22556d445fde88c747298

  • SHA512

    eb8b6ba969a3a0c62c4bcbfdafcc256249f249315d4f4e30fc96995c58d236b9b1b6d741bf7ceaf222a39a4872a4d3abeee40aac5fa310d5dc0d47d6e0980b1e

  • SSDEEP

    24576:ICAtkGvd9zxnRfYerDHMjf+5jj9qT0Vo1is/lD0C8wn8AzKkIV9QNYRqKvG:C99FYePL9j9qwVoTD0Cn8AzTIPqkq

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\426deeb82fedba748adf56b8df9b5566.exe
    "C:\Users\Admin\AppData\Local\Temp\426deeb82fedba748adf56b8df9b5566.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4668
    • C:\Users\Admin\AppData\Local\Temp\426deeb82fedba748adf56b8df9b5566.exe
      C:\Users\Admin\AppData\Local\Temp\426deeb82fedba748adf56b8df9b5566.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\426deeb82fedba748adf56b8df9b5566.exe
    Filesize

    1.3MB

    MD5

    671401b0eddce9d8c850224b59d698d3

    SHA1

    19601adb9827d0f16998582f8e4c1895a9ea30ef

    SHA256

    3eeb3279cfbb396cbb10d008916e03da8ac3f9050c9dcb008f0d3531fcc5715d

    SHA512

    a4f183471ae712dc4b7d84cbf9e1ed0874b218e4ab7844bbd12e8bb725a65e9112e65f5f5f9bd50c3af924acfd74896c5c6f3360ff5f071e9dd4944a967c0593

    Download Submit

  • memory/1884-14-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/1884-15-0x0000000001870000-0x0000000001982000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1884-16-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1884-23-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/4668-0-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/4668-1-0x0000000001C70000-0x0000000001D82000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4668-2-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4668-13-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download