Overview

overview

7

Static

static

7

73a157bef1...c1.exe

windows7-x64

7

73a157bef1...c1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    138s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/01/2024, 03:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    73a157bef12644e247c304d49fa48ac1.exe

  • Size

    1.3MB

  • MD5

    73a157bef12644e247c304d49fa48ac1

  • SHA1

    ee94892f4d845815b9d31c45be23a80e1918b724

  • SHA256

    cf3451dd86c4d507556bda59fc39722484c200d948b7d51e564c954854116c1d

  • SHA512

    cddaefd6eeb023762e2f5a228db0a326a90173594d3e79f646b042d65080c1835ac7bda310b63b4e23cd9b73bec1688d06bf5f20c1907403e6e08dadc8251c27

  • SSDEEP

    24576:oGiTGuWAn02arHuGzPTOMwUGZPHQgCZRsCV1KsuG68XCxm+DbrtKgU9/9Us:n0GvAnMrfPi/4gChVZXEmTR9j

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\73a157bef12644e247c304d49fa48ac1.exe
    "C:\Users\Admin\AppData\Local\Temp\73a157bef12644e247c304d49fa48ac1.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1844
    • C:\Users\Admin\AppData\Local\Temp\73a157bef12644e247c304d49fa48ac1.exe
      C:\Users\Admin\AppData\Local\Temp\73a157bef12644e247c304d49fa48ac1.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\73a157bef12644e247c304d49fa48ac1.exe
    Filesize

    1.3MB

    MD5

    f15497c611e40b18dfebe3bd9f18f853

    SHA1

    cd7ee4280636d56f40c6ac5ec4581dc77f44447e

    SHA256

    19e4057711365d72f4993b28364fa8c0fe01001f5ca5571766db9b8683bdaa6b

    SHA512

    330c181fd0fecbbbbb03a1b4c4e7bb0ad2d603891e36252c9f2db9bbf824cac7f9610b0035a250cff8df45aaebf6892825e2b2d5d1192ebaeeecf1d3f28f88a6

    Download Submit

  • memory/1844-0-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/1844-1-0x00000000018F0000-0x0000000001A21000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1844-2-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1844-12-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3640-13-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/3640-14-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3640-15-0x0000000001CF0000-0x0000000001E21000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/3640-20-0x00000000055E0000-0x0000000005802000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3640-21-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3640-28-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

    Download