Overview

overview

7

Static

static

7

ea1c434417...7d.exe

windows7-x64

7

ea1c434417...7d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/01/2024, 12:44

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ea1c4344176f783ee21fc3bb579b67bf4685cd56a2d3d68495f9a356e292ea7d.exe

  • Size

    274KB

  • MD5

    b378427f6b2291fd0466d79eb5ad15dd

  • SHA1

    be45d7b35a6a537807ab98dac827b0fcae11bf29

  • SHA256

    ea1c4344176f783ee21fc3bb579b67bf4685cd56a2d3d68495f9a356e292ea7d

  • SHA512

    4fa7ae38420b68954c2ec7028925bc6c648f0b6b91ad62e51e34b49e4ed419e6a1e44547827fb178f3a12b8a0ca2f2c05d572e21b28730adb89d31061ee16842

  • SSDEEP

    6144:vbTirrfykiiUjh6QH/cEOkCybEaQRXr9HNdvOa:vPcrfR6ZnOkx2LIa

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unexpected DNS network traffic destination 7 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ea1c4344176f783ee21fc3bb579b67bf4685cd56a2d3d68495f9a356e292ea7d.exe
    "C:\Users\Admin\AppData\Local\Temp\ea1c4344176f783ee21fc3bb579b67bf4685cd56a2d3d68495f9a356e292ea7d.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:416

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/416-0-0x0000000000FA0000-0x000000000102C000-memory.dmp

          Filesize

          560KB

          Download

        • memory/416-3-0x0000000000FA0000-0x000000000102C000-memory.dmp

          Filesize

          560KB

          Download

        • memory/416-17-0x0000000000FA0000-0x000000000102C000-memory.dmp

          Filesize

          560KB

          Download

        • memory/416-20-0x0000000000FA0000-0x000000000102C000-memory.dmp

          Filesize

          560KB

          Download

        • memory/416-25-0x0000000000FA0000-0x000000000102C000-memory.dmp

          Filesize

          560KB

          Download

        • memory/416-27-0x0000000000FA0000-0x000000000102C000-memory.dmp

          Filesize

          560KB

          Download

        • memory/416-32-0x0000000000FA0000-0x000000000102C000-memory.dmp

          Filesize

          560KB

          Download