Overview

overview

7

Static

static

7

8d33fdf94d...0a.exe

windows7-x64

7

8d33fdf94d...0a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    90s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/02/2024, 19:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    8d33fdf94d0993b7e80ee49d5f00720a.exe

  • Size

    1.3MB

  • MD5

    8d33fdf94d0993b7e80ee49d5f00720a

  • SHA1

    1c8b0696a37116fb342a295ff0bcbf63b998254d

  • SHA256

    4c07f165c873f9653f7207a9d245bd0cc557f32aa6214bd04ccaa2d990b50f95

  • SHA512

    b48e0e4af38cb7092e13e31c19d23cc173f96cc15a2baae1e8bd7b02c12219756b22e77a214d28695ef86cbb3abd3b10e265669d882ae9f6ed97e32de9887931

  • SSDEEP

    24576:cdZoT8iEejT8pGUErm8wL4WPhBzgKotsOQWh8pwlvG:WM8QDUErm4WPM1FFQw

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8d33fdf94d0993b7e80ee49d5f00720a.exe
    "C:\Users\Admin\AppData\Local\Temp\8d33fdf94d0993b7e80ee49d5f00720a.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1996
    • C:\Users\Admin\AppData\Local\Temp\8d33fdf94d0993b7e80ee49d5f00720a.exe
      C:\Users\Admin\AppData\Local\Temp\8d33fdf94d0993b7e80ee49d5f00720a.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1900

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\8d33fdf94d0993b7e80ee49d5f00720a.exe
          Filesize

          1.3MB

          MD5

          cb763f063916dd201efd95694e8800e1

          SHA1

          6d6e9380a30352a63ec08a9166bb0ca3c18b5058

          SHA256

          2059ca55ad0b1de3fe4f5da00f3dc706dee9a78109bc38504757f96925b0095c

          SHA512

          b8b237ff81d0cdff83285d5062087ce746fcca9750d91905badd054ab0210331ed6cae34c681205fa5afeccdca2c48c631ccc2b1964c3c15ba09c8f16cbec23f

          Download Submit

        • memory/1900-17-0x0000000000400000-0x000000000086A000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/1900-18-0x0000000001870000-0x0000000001982000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1900-14-0x0000000000400000-0x00000000005F2000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1900-24-0x0000000000400000-0x000000000086A000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/1996-0-0x0000000000400000-0x000000000086A000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/1996-1-0x0000000001870000-0x0000000001982000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1996-2-0x0000000000400000-0x00000000005F2000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1996-15-0x0000000000400000-0x00000000005F2000-memory.dmp

          Filesize

          1.9MB

          Download