Overview

overview

7

Static

static

7

4bb1394f96...21.exe

windows7-x64

7

4bb1394f96...21.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    08/01/2024, 14:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4bb1394f962833c0f6d5a201d10aea21.exe

  • Size

    31KB

  • MD5

    4bb1394f962833c0f6d5a201d10aea21

  • SHA1

    7e17b73da8fa5a696db591eba9c47b623961540b

  • SHA256

    360da8a426e1f436174d8b162d2c9be24806db9d76436a4e495991ec1ca34a3c

  • SHA512

    91788c7ee94ed2b2dabb1ea6368b104d1bab9bfe691730778313dd8900d99d59051ea1da87330c072f270b8ca53d244342aafda4ccf113b21c5aa846bb483a08

  • SSDEEP

    768:0XOjKP4FPPuPWG3zeIgJGNwYKEmfu5Jn2:0+jS2ueGSJ9YjI

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4bb1394f962833c0f6d5a201d10aea21.exe
    "C:\Users\Admin\AppData\Local\Temp\4bb1394f962833c0f6d5a201d10aea21.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\WowInitcode.dat
    Filesize

    46KB

    MD5

    6c978a2bfa22bdd883ed21e56858f7c3

    SHA1

    95191faa2e22fc9b5985692b0cfaf793cf321cd5

    SHA256

    ef1ddee8f8cf8c9cd9c0ff38d7e8313f94dffda47881852f6b98ead3d2d84749

    SHA512

    ed59948c774c982eb50246c91b20061fde9d100e9bfcfcef7ae2ff497091c8a6723a9593583cedd793889da31d67df66e06e9f438e74f15f6e9f56c2b903e616

    Download Submit

  • memory/1288-0-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1288-5-0x00000000003A0000-0x00000000003B4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/1288-7-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1288-8-0x00000000003A0000-0x00000000003B4000-memory.dmp

    Filesize

    80KB

    Download