Overview

overview

7

Static

static

7

4d6ab59062...8a.exe

windows7-x64

7

4d6ab59062...8a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    09-01-2024 05:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4d6ab59062a89a9cf37047a9950db18a.exe

  • Size

    1.3MB

  • MD5

    4d6ab59062a89a9cf37047a9950db18a

  • SHA1

    b84afaaebcf41b033494ebbaf7c6eaedf87d2a21

  • SHA256

    11980b2b8678a8e121238416c9c670ec331ff8630a0b9a5d82b94ec4989c469b

  • SHA512

    62a37d590f3e4c8ec0e97abed9bed5e36dabe0d4d7a3a6cce6be0c6d93b4396673009428d9ff5b1635a5db92fac08ece94a9bfef7e7bb07674aeae19cf2a4274

  • SSDEEP

    24576:Sg7qqQEpnSEd1lbXz+brER2F+HqAxJmzF2cHo/62WztF6dXtbyLY7RvsFi3nUWis:hWq9pnSEd11XIrER2AHqAxDme6dF6d9I

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4d6ab59062a89a9cf37047a9950db18a.exe
    "C:\Users\Admin\AppData\Local\Temp\4d6ab59062a89a9cf37047a9950db18a.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2756
    • C:\Users\Admin\AppData\Local\Temp\4d6ab59062a89a9cf37047a9950db18a.exe
      C:\Users\Admin\AppData\Local\Temp\4d6ab59062a89a9cf37047a9950db18a.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4d6ab59062a89a9cf37047a9950db18a.exe
    Filesize

    680KB

    MD5

    a78ab8040d57b75e6bd047d4eeff46fa

    SHA1

    95e7a7c61bcc4a64e1bb1296926f5cfbeaac3acd

    SHA256

    48fe35c2c55f270639bb602086e5d09c8806942b00434866d1aa89a0612f1032

    SHA512

    c9acd9fd90c4681e80a3eee4fc7ecd5c479b3b41c2130d9077f3f9476b973b96a3a56ad94739ce5be159d8d0c85f58f28b238c9d58ad79af9cfdb03a6bbb0ac9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\4d6ab59062a89a9cf37047a9950db18a.exe
    Filesize

    935KB

    MD5

    a4926482c17ff0c48fda34b2e7cd19f3

    SHA1

    79b011ef56cf3058ac02b9e19a2c2337c464c524

    SHA256

    94dbac828f81cdb194ae9e6d8488ff894f0cf745021268a35988727885ba99cf

    SHA512

    a12a81352d321d8e19ebc869590cb9936e3f99e3d7c352ce7ce78808db8a10f02961c210180c57921115ddefc427001bbf7af36f3da85abf0c88d524e9022564

    Download Submit

  • memory/2644-18-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2644-19-0x0000000000260000-0x0000000000372000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2644-17-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2644-26-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2756-0-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2756-1-0x0000000000130000-0x0000000000242000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2756-2-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2756-15-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2756-14-0x00000000033D0000-0x000000000383A000-memory.dmp

    Filesize

    4.4MB

    Download