Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29-01-2024 08:03

General

  • Target

    7f4ff1734d939448f39d432999582cc0.exe

  • Size

    5.5MB

  • MD5

    7f4ff1734d939448f39d432999582cc0

  • SHA1

    81e5d8df5a20315943c97d2da0808ba08d7b7e08

  • SHA256

    cfac0cb6c4934efd5818d3619eadb593e63ccece9acccbd79a8d035cb19b3a7e

  • SHA512

    211d4296064b0316d1dc067666478fba960b0de0fbb23f4bd5610eed92c7a0173f7a9cf46024e09984783d3d99c2f043a4f45f461258f12a5b7775c8734882bb

  • SSDEEP

    49152:CNGnJLohDSqykUV1+ULOfuHjxbHuG+9+HybQLgay3vRmCFOGNj8mW4JH53R+wVGf:CNiJDwuHjffQW435mCckFR+vicS43

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Modifies system certificate store 2 TTPs 5 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f4ff1734d939448f39d432999582cc0.exe
    "C:\Users\Admin\AppData\Local\Temp\7f4ff1734d939448f39d432999582cc0.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4128
    • C:\Users\Admin\AppData\Local\Temp\7f4ff1734d939448f39d432999582cc0.exe
      C:\Users\Admin\AppData\Local\Temp\7f4ff1734d939448f39d432999582cc0.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Modifies system certificate store
      • Suspicious use of UnmapMainImage
      PID:220

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7f4ff1734d939448f39d432999582cc0.exe

    Filesize

    1.4MB

    MD5

    d29f687af4845988984fe5f1983fb24d

    SHA1

    f65c77d4c394954879eb2e7065510e548d15b4fd

    SHA256

    390d848fc303eb09baec2f072f97bd58aa5f08ccd720bc3fcdbd3e80bd9acefe

    SHA512

    82a2550b08513d275ea71ae6c8e6239ab6a47662fafd83fa0f1839090a98ba8f111c98f5943fb04d2e835d3576bcf4169f0185804d82e07a8e2e21d947f83226

  • memory/220-16-0x0000000002140000-0x000000000239A000-memory.dmp

    Filesize

    2.4MB

  • memory/220-14-0x0000000000400000-0x0000000000D9E000-memory.dmp

    Filesize

    9.6MB

  • memory/220-31-0x0000000000400000-0x0000000000D9E000-memory.dmp

    Filesize

    9.6MB

  • memory/4128-0-0x0000000000400000-0x0000000000D9E000-memory.dmp

    Filesize

    9.6MB

  • memory/4128-1-0x0000000002120000-0x000000000237A000-memory.dmp

    Filesize

    2.4MB

  • memory/4128-2-0x0000000000400000-0x0000000000605000-memory.dmp

    Filesize

    2.0MB

  • memory/4128-13-0x0000000000400000-0x0000000000605000-memory.dmp

    Filesize

    2.0MB