ddf70aafb9fde05f7f7547539dcfae25e369cfbf19a25155818b911880bd46ec | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 03:51

Sharing

Report Analysis Logs

General

Target

57e7d75a90f5515ddb0975368f7e26f3.exe
Size

337KB
MD5

57e7d75a90f5515ddb0975368f7e26f3
SHA1

a2cc572f4c553fbfbcfd56cbdaec1207076ea202
SHA256

ddf70aafb9fde05f7f7547539dcfae25e369cfbf19a25155818b911880bd46ec
SHA512

309cdce246272446879f3d6e5f95cabe993e0a1d727f27d1142ce24a9abcf21987cf2128e6c53781ab1e6160206d70d9d222ef490ea36c194ff3f1efdccb0694
SSDEEP

6144:ffTAnNXWeVo3gIRoN9eXn9SZRZDnw11nbyW+Ht:ffTAnYmoJonOsZDwznbz+N

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2340-0-0x0000000001000000-0x0000000001093000-memory.dmp	upx
behavioral1/memory/2340-1-0x0000000001000000-0x0000000001093000-memory.dmp	upx

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 1676	2340	57e7d75a90f5515ddb0975368f7e26f3.exe	28
PID 2340 wrote to memory of 1676	2340	57e7d75a90f5515ddb0975368f7e26f3.exe	28
PID 2340 wrote to memory of 1676	2340	57e7d75a90f5515ddb0975368f7e26f3.exe	28
PID 2340 wrote to memory of 1676	2340	57e7d75a90f5515ddb0975368f7e26f3.exe	28

C:\Users\Admin\AppData\Local\Temp\57e7d75a90f5515ddb0975368f7e26f3.exe
"C:\Users\Admin\AppData\Local\Temp\57e7d75a90f5515ddb0975368f7e26f3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Windows\system32\ocsetup.exe
  "C:\Windows\system32\ocsetup.exe"
  2⤵
  PID:1676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2340-0-0x0000000001000000-0x0000000001093000-memory.dmp

Filesize
588KB

Download
memory/2340-1-0x0000000001000000-0x0000000001093000-memory.dmp

Filesize
588KB

Download