Overview

overview

7

Static

static

7

53b878f62a...6c.exe

windows7-x64

7

53b878f62a...6c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-01-2024 14:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    53b878f62a26568b7b86cf181ddd566c.exe

  • Size

    5.3MB

  • MD5

    53b878f62a26568b7b86cf181ddd566c

  • SHA1

    22c6f1bb5ed100667760d2b2f6e729636fe60cfa

  • SHA256

    5234d022d1d1ffb203de3fa3c4352abe4a2a6c00e58f09cd5791244795b5437b

  • SHA512

    67581219cbff50c5eddb40c2bcf85afd7d96b6272144031070a08528d58448d7f6c1ef21fdcacc8ce6da0ea1b8cefac0f67bf0e8dff9e50a19993ebcc72ea7eb

  • SSDEEP

    98304:8PMrr5T998qw/s5CrykTTCMy9ZITUuaSs1ykTTCMy9ZI:8ET9LgrlTTCMy9Zszs1lTTCMy9Z

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\53b878f62a26568b7b86cf181ddd566c.exe
    "C:\Users\Admin\AppData\Local\Temp\53b878f62a26568b7b86cf181ddd566c.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4988
    • C:\Users\Admin\AppData\Local\Temp\53b878f62a26568b7b86cf181ddd566c.exe
      C:\Users\Admin\AppData\Local\Temp\53b878f62a26568b7b86cf181ddd566c.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\53b878f62a26568b7b86cf181ddd566c.exe
    Filesize

    2.3MB

    MD5

    f2d416a05f631a023fdf2efb69d5a6e9

    SHA1

    cfda4f4c16b947b4511dd3cec062e95ecf20371a

    SHA256

    e96737c53dc7ecccafd618de02b54de1e61f5e60bdf898b38b2b8606c250f4ed

    SHA512

    6689aeb7ca75301bf9fa8e8fb560477810b52000ac6a72afec3e0919c768b7f339dfd184bf44b551f902b794e194d6bdabe2dcf9ef43113533bc931e8b538725

    Download Submit

  • memory/2096-17-0x0000000001C60000-0x0000000001D72000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2096-16-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2096-14-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2096-24-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/4988-0-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/4988-1-0x0000000001BC0000-0x0000000001CD2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4988-2-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4988-15-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download