Overview

overview

7

Static

static

7

660d3b8a95...8a.exe

windows7-x64

7

660d3b8a95...8a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    18-01-2024 21:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    660d3b8a95880174ee5e84d06181d78a.exe

  • Size

    104KB

  • MD5

    660d3b8a95880174ee5e84d06181d78a

  • SHA1

    256643000b62e7c965f1a8a6e3aab03160c7e551

  • SHA256

    ac8303927c04ea2d10b0466c1da03065aa2e2c552c5c0c1a159d4c78197e2bd0

  • SHA512

    984e50e03296b190bb00db71bbabcc5d74840361a8c1411b99327bfb6c4023dae3ca943d62d568d52ea022fa06354f0b225315c9a6f55a115aee2b4aa0044605

  • SSDEEP

    3072:o+POT5Gtf98nwoplaO+JyRYnl5nkHknQQo:o6ltf9uAO+UGkHuJo

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 120
    1⤵
    • Program crash
    PID:2188
  • C:\Users\Admin\AppData\Local\Temp\660d3b8a95880174ee5e84d06181d78a.exe
    "C:\Users\Admin\AppData\Local\Temp\660d3b8a95880174ee5e84d06181d78a.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2240-0-0x0000000001000000-0x000000000100C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2240-1-0x0000000001000000-0x000000000100C000-memory.dmp

    Filesize

    48KB

    Download