Overview

overview

7

Static

static

7

4b6d6b6c98...87.exe

windows7-x64

7

4b6d6b6c98...87.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    08-01-2024 12:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4b6d6b6c98fe55b514b042fc1b2d1387.exe

  • Size

    59KB

  • MD5

    4b6d6b6c98fe55b514b042fc1b2d1387

  • SHA1

    d5d67bedf986f74e54c7b3b1a8ac1c7f3cb1c1eb

  • SHA256

    7a841d0451ac82cc5afcac7ee1c39bab46a5357c62017ee469b7cfc0f7a75a14

  • SHA512

    47eea89edd886b978afd749dabe49f99ddd0329606740b1198dfc22de85459fa89a49f8a5ff23c9989163ff2fdc7a0991b0023dcf5a011d2c370cd31a11b96ab

  • SSDEEP

    1536:NkPhWe6To4xXQrCrxT/k8N3ZnJcf5s8iZv86zC:NkP83TDgrCrt/kypnqKJj

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4b6d6b6c98fe55b514b042fc1b2d1387.exe
    "C:\Users\Admin\AppData\Local\Temp\4b6d6b6c98fe55b514b042fc1b2d1387.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2296
    • C:\Users\Admin\AppData\Local\Temp\4b6d6b6c98fe55b514b042fc1b2d1387.exe
      C:\Users\Admin\AppData\Local\Temp\4b6d6b6c98fe55b514b042fc1b2d1387.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\4b6d6b6c98fe55b514b042fc1b2d1387.exe
    Filesize

    59KB

    MD5

    6f5982c5c0c682cb1ffdb7856466d515

    SHA1

    c308641cf65104d4aa3d5f2d8dc96cddf473ddfd

    SHA256

    49d65f870ee2fafaf15c2704e80d37be6f1d66f783b78561d911c554e4feeb89

    SHA512

    acc7ca6211e37024621d39884dc0a13b7e58011b20abd63d14685758d9b9d449f56092e920f165eca1b831170c19d33751f4838a3c4543eb1e908e1bc915efce

    Download Submit

  • memory/1952-17-0x0000000000400000-0x000000000041D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/1952-18-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1952-21-0x0000000000030000-0x000000000003F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1952-24-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1952-29-0x0000000000170000-0x000000000018D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/1952-30-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2296-0-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2296-2-0x0000000000400000-0x000000000041D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2296-1-0x0000000000030000-0x000000000003F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2296-15-0x00000000002E0000-0x000000000031D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2296-14-0x0000000000400000-0x000000000041D000-memory.dmp

    Filesize

    116KB

    Download