Overview

overview

10

Static

static

3

75057e3143...99.exe

windows7-x64

7

75057e3143...99.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 16:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75057e3143e83260c56cb2ea4660da99.exe

  • Size

    50KB

  • MD5

    75057e3143e83260c56cb2ea4660da99

  • SHA1

    8911672d14cf4d4195d802986803be8f9dcf66fc

  • SHA256

    a7179286326fd0f750d4c24e18d69fc25480f3e85f6640d4590b2917da7bddaf

  • SHA512

    ad16319c233df094bc23f938f1d6a4915c1fe6a52bc2c978b8123fe1329ad66eb25008a793b37a4b907e3164ce3572c890a5d7097efa0777c74d0a2fe30d5926

  • SSDEEP

    768:w4PE5eark7aaPFYoIIAyhQ7u1oIVTXHuq4NXsewvVNsqOlWDtDZJWEnRrev:tM5ea47aa9p27u6IZuq4N8g+DLJWCR

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\75057e3143e83260c56cb2ea4660da99.exe
    "C:\Users\Admin\AppData\Local\Temp\75057e3143e83260c56cb2ea4660da99.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1900
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\removalfile.bat "C:\Users\Admin\AppData\Local\Temp\75057e3143e83260c56cb2ea4660da99.exe"
      2⤵
      • Deletes itself
      PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\removalfile.bat
    Filesize

    43B

    MD5

    9a7ef09167a6f4433681b94351509043

    SHA1

    259b1375ed8e84943ca1d42646bb416325c89e12

    SHA256

    d5739a0510d89da572eb0b0d394d4fb4dd361cd9ee0144b9b31c590df93c3be7

    SHA512

    96b84cd88a0e4b7c1122af3ed6ce5edf0a9a4e9bf79575eadfac16b2c46f1278d57755d29f21d7c6dcb4403be24b7ac7da4837c6cc9c602342a8f2b8e54883df

    Download Submit
  • \Windows\SysWOW64\xxyyyxx.dll
    Filesize

    33KB

    MD5

    6b565aa8fb498eb7c7f1588d70ba1b23

    SHA1

    2a55f0efcf84c0c76ae32e7705fb49173eb7ba04

    SHA256

    f0756ace2691a950dea37a13ba8257b00e9beb3f4b849f7996b4909a92e51775

    SHA512

    c15bc5f110ca3bd017ef0ca3dc0bd1b3f7cd56f5fd2d65892fcccb6c7f96f39cc11e82fe342751d43e80da6ab5bed125c822f502536317ed65427953d5926f6c

    Download Submit
  • memory/1900-0-0x0000000000400000-0x0000000000419000-memory.dmp
    Filesize

    100KB

    Download
  • memory/1900-13-0x0000000000400000-0x0000000000419000-memory.dmp
    Filesize

    100KB

    Download
  • memory/1900-15-0x0000000000400000-0x0000000000419000-memory.dmp
    Filesize

    100KB

    Download