Overview

overview

7

Static

static

7

4fa9921872...8e.exe

windows7-x64

7

4fa9921872...8e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/01/2024, 05:07

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4fa9921872b1be40d133597b2e324d8e.exe

  • Size

    10KB

  • MD5

    4fa9921872b1be40d133597b2e324d8e

  • SHA1

    c11f6d8c7a2e8622b74dd7ece41d26c9c8fb2a86

  • SHA256

    48ad665ea43ba7e8e43c0dd82ff8768bbf4218a2af9d804a8e14ddcd06a27896

  • SHA512

    e283e883f4f10e385d387d341189fb70394d92e431979f49d58c3c83fc0a32ff287e3854f0752f5e40eb56f909bc14b3b551e5218bcb4acdcedf638361722a99

  • SSDEEP

    192:xrx+vTbe0r91Z/eAQQwwVKbI2bq07kx85Jjhu+bFR:xrxUe0x1ZGAdws50V5LR

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4fa9921872b1be40d133597b2e324d8e.exe
    "C:\Users\Admin\AppData\Local\Temp\4fa9921872b1be40d133597b2e324d8e.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2712
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tmp564E.bat
      2⤵
        PID:4236

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\tmp564E.bat
            Filesize

            233B

            MD5

            6e3ac680b61cbef2cc7fc4bbb297bea9

            SHA1

            792295fe8f005a73d160d39d190c2e60ee08aaee

            SHA256

            b686d8f862f9fa0d31115e221d072e001e6681d0570efb579b21c97f7cefcfaf

            SHA512

            f14b0beb1e834b65926e3f124be2d977b92f5c42e6a0f4ab34f1d3cfab90cff1894a942d8967c70628c962e57499ad9ad3edb45d89733c1e69e9792e6200de37

            Download Submit

          • memory/2712-0-0x0000000000400000-0x000000000040B000-memory.dmp

            Filesize

            44KB

            Download

          • memory/2712-3-0x0000000000400000-0x000000000040B000-memory.dmp

            Filesize

            44KB

            Download