Overview

overview

7

Static

static

7

85df04e8a8...be.exe

windows7-x64

7

85df04e8a8...be.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/02/2024, 04:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    85df04e8a8a9aab7ef7536d5c7aef1be.exe

  • Size

    1.3MB

  • MD5

    85df04e8a8a9aab7ef7536d5c7aef1be

  • SHA1

    0adfa8beb1a74204df9656dc6aefa91350ac5af0

  • SHA256

    67a1ae967411b10574e7a03c89099f6981fedf3876cf065fec4591297489fe85

  • SHA512

    2a37b3ca9e462dab63b1882e92016c661094f90e05fb432e26340d89403a53869bf69e4b196ef0a31b70dde8672bf625eeb41862f6df6156ec187f5a8be69744

  • SSDEEP

    24576:tMmbsqJMICqJ9d3KDxD28eYPv9qVb4X73WmMX9RmRuOOHUvG:tMpqJMICqzm2dYtKi7G0/

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\85df04e8a8a9aab7ef7536d5c7aef1be.exe
    "C:\Users\Admin\AppData\Local\Temp\85df04e8a8a9aab7ef7536d5c7aef1be.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4844
    • C:\Users\Admin\AppData\Local\Temp\85df04e8a8a9aab7ef7536d5c7aef1be.exe
      C:\Users\Admin\AppData\Local\Temp\85df04e8a8a9aab7ef7536d5c7aef1be.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\85df04e8a8a9aab7ef7536d5c7aef1be.exe
    Filesize

    128KB

    MD5

    91fd4035bc71272e7c149b02fe1e33c5

    SHA1

    369bcc05820f55b13760af99b406437ba8ac6524

    SHA256

    8772f57af99f9fb54c824537b27dbcf5d3e03adb74c9414b3ec9045d9f0a116f

    SHA512

    24a134445c0bafcdc3de1a4e956dca11a6d855d04ef5557eab64ff10a85f429948deb615b135cc38f49df6a8fb619b9f3e7627aa7a39430496f55165d02ef093

    Download Submit

  • memory/3656-15-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/3656-17-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3656-16-0x0000000001870000-0x0000000001982000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/3656-24-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/4844-0-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/4844-1-0x0000000001BC0000-0x0000000001CD2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4844-2-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4844-14-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download