Overview

overview

7

Static

static

7

7f204f6c3d...a3.exe

windows7-x64

7

7f204f6c3d...a3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29-01-2024 06:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7f204f6c3d1b72c4ba7ea7b738ad38a3.exe

  • Size

    1.3MB

  • MD5

    7f204f6c3d1b72c4ba7ea7b738ad38a3

  • SHA1

    e15bf613cb73ec511318a9aa70518724903a90ed

  • SHA256

    b1cd03d71d350fadac2b3dedf99cabf02f05d260cd5a16e598916c110ada5c6c

  • SHA512

    47fc98ecfb8f37911abaafadbce35a9c1a0d6a12b825435054a109a38c6d4f17ea1721021c51524152c24574b47b3c4d5de3dd51dcd8dc771bc1e34411e3a32c

  • SSDEEP

    24576:sSzy2h6Vbu+aTiOnK71RlNbyBTh6yIreOQvMcMk0sDuHtV3+vG:jzjh6dCKBRc4xeFok0+ur

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f204f6c3d1b72c4ba7ea7b738ad38a3.exe
    "C:\Users\Admin\AppData\Local\Temp\7f204f6c3d1b72c4ba7ea7b738ad38a3.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2552
    • C:\Users\Admin\AppData\Local\Temp\7f204f6c3d1b72c4ba7ea7b738ad38a3.exe
      C:\Users\Admin\AppData\Local\Temp\7f204f6c3d1b72c4ba7ea7b738ad38a3.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7f204f6c3d1b72c4ba7ea7b738ad38a3.exe
    Filesize

    864KB

    MD5

    01e61cbc55f9baa60726657039fc27f9

    SHA1

    38c72d158923e93b25617a2f20e1e17581212d99

    SHA256

    bd24d1a2b6d581b871b9187db9aea876a23233c7833889a7564ac4fe3b7aa36b

    SHA512

    8a07bc803cac40bebcb33b2a7a13f084ed6b97b4e936080540c58a5602ac6f6d46f406b9298c92e19140229dddc35cd741dcf688ce25c745b1543f5402c0e532

    Download Submit

  • \Users\Admin\AppData\Local\Temp\7f204f6c3d1b72c4ba7ea7b738ad38a3.exe
    Filesize

    966KB

    MD5

    a26ab49cf7c1b672a425311b7bde4a6d

    SHA1

    05e57646622452eea0cc1397d0c4ea1ffff138a7

    SHA256

    d24edd144f6bc5b19b7429aab079d6941d03679455e9e710cb8c9653d7477ca7

    SHA512

    46e05c7d4d5ee2de2f0f1c3f189b6da091eaeb69f372d5bb419c23d31bba56c09e1b1d045dc30b7c43fb597d2bfc89d38d62d166e0a4b9c7032d7f621995f5bd

    Download Submit

  • memory/2316-18-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2316-21-0x00000000002B0000-0x00000000003C2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2316-17-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2316-26-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2552-0-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2552-3-0x0000000000280000-0x0000000000392000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2552-1-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2552-15-0x00000000036A0000-0x0000000003B0A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2552-14-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download