Overview

overview

7

Static

static

7

8ade9dcf38...77.exe

windows7-x64

7

8ade9dcf38...77.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/02/2024, 00:00

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    8ade9dcf3865311b0383b6007b8dc777.exe

  • Size

    1.5MB

  • MD5

    8ade9dcf3865311b0383b6007b8dc777

  • SHA1

    6f0d5f0857d74cdd9e195e2926514bbee81102a2

  • SHA256

    b9e66ca92ea81442ee442621a0705eed462775c564e84dc0b78a333137d7409d

  • SHA512

    7a5bd9483fad7f9a118d042048dddb0eda3c16202508d53163cfc95b84acd97e76c44d7a0973edab68906f8531ac6cafa43c25d9025ba812fb3e2ce7394aa6cb

  • SSDEEP

    24576:dmV0UALmylN4q1aWiBN8I0TVPjIJXUTIpQgfI2bBgKpDH4oq5M/LD0UUFpXW:dmV0RiG0NBOBGOmfI2t1pDH4fM/xUL

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ade9dcf3865311b0383b6007b8dc777.exe
    "C:\Users\Admin\AppData\Local\Temp\8ade9dcf3865311b0383b6007b8dc777.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2496
    • C:\Users\Admin\AppData\Local\Temp\8ade9dcf3865311b0383b6007b8dc777.exe
      C:\Users\Admin\AppData\Local\Temp\8ade9dcf3865311b0383b6007b8dc777.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3340

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\8ade9dcf3865311b0383b6007b8dc777.exe
          Filesize

          271KB

          MD5

          e257281f067dd006763be82587166c11

          SHA1

          5690570147c0b4ada930ad62433d1a7e0ca7b40e

          SHA256

          d2b97105ca7f5a0222da0a5e7c8a6e98ab5ce801bf24bc35cc5061ec6c65e314

          SHA512

          930cb6788220b5a52518db677684a2a3dbf7e79c89830a2b0e5cdc85314c8685266576275e9a41982614d1822a2e53d74ccf6224d949b97a0c0d8a441d4609af

          Download Submit

        • memory/2496-0-0x0000000000400000-0x00000000008EF000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/2496-1-0x0000000001CF0000-0x0000000001E23000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2496-2-0x0000000000400000-0x000000000062A000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/2496-12-0x0000000000400000-0x000000000062A000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/3340-14-0x0000000000400000-0x000000000062A000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/3340-13-0x0000000000400000-0x00000000008EF000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/3340-16-0x00000000018F0000-0x0000000001A23000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3340-20-0x0000000000400000-0x000000000061D000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/3340-22-0x00000000056D0000-0x00000000058FA000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/3340-28-0x0000000000400000-0x00000000008EF000-memory.dmp

          Filesize

          4.9MB

          Download