Overview

overview

7

Static

static

7

41f76e9d7d...ac.exe

windows7-x64

7

41f76e9d7d...ac.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    180s
  • max time network
    188s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/01/2024, 01:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    41f76e9d7d97c11225191c988f350aac.exe

  • Size

    10.7MB

  • MD5

    41f76e9d7d97c11225191c988f350aac

  • SHA1

    9bae47a8e759345f6af4103d9664940dab9c4ba7

  • SHA256

    a543b996955e8dc821a7192cd4d81871d7911cc838f2b6c7ec396e02ae8932ae

  • SHA512

    13d278da0a8fae94181061cf2781c896e7f693ca73d35a8ea28d034f3db952f3a9f3d7ccd031b0dc3db8e700dc70e54617e82dc05af480db086d9062b633cf41

  • SSDEEP

    196608:E5w/7Y3pLQd7S0DTvK6a3pLQd7lBAt3pLQd7S0DTvK6a3pLQd7:E5Uk3pLQd7S0Duz3pLQd7lB43pLQd7SO

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\41f76e9d7d97c11225191c988f350aac.exe
    "C:\Users\Admin\AppData\Local\Temp\41f76e9d7d97c11225191c988f350aac.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2684
    • C:\Users\Admin\AppData\Local\Temp\41f76e9d7d97c11225191c988f350aac.exe
      C:\Users\Admin\AppData\Local\Temp\41f76e9d7d97c11225191c988f350aac.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:5100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\41f76e9d7d97c11225191c988f350aac.exe
    Filesize

    242KB

    MD5

    bc0b537844aa4fa299ea5e0f082b9069

    SHA1

    c1d2f844d45dc3e896fc6ec1bd1f2ec79ed25d43

    SHA256

    5af685e683b9eed01cf1fda3e29c4fcdd66ccac425877900703e8e79eac130ee

    SHA512

    6b3d3773d4875931dd2dde9f3efe7368fdac5916b42f9aff7269f303eed71af98f08f6cfb1a7a8054021fba74782633a534f4cdb17f34337133c4775125ccbe0

    Download Submit

  • memory/2684-0-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2684-1-0x0000000001D30000-0x0000000001E42000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2684-2-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2684-14-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/5100-15-0x0000000001C30000-0x0000000001D42000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/5100-13-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/5100-16-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/5100-23-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download