Overview

overview

7

Static

static

7

8de771faa9...3e.exe

windows7-x64

7

8de771faa9...3e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    04/02/2024, 01:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8de771faa9dbcb1a9d467f4e7d6b713e.exe

  • Size

    2.9MB

  • MD5

    8de771faa9dbcb1a9d467f4e7d6b713e

  • SHA1

    dde5a286bc1cf70110c8cd71f697d7e06f874a5e

  • SHA256

    5210a3852a4c9ba42b8c4afc718895cbdb3c57d42bc56e96baba35d11110b080

  • SHA512

    fd2887571d86f8a8bb22c3b0fbd3d30c5925c92d865f9dd5067e81575d7dec6e9fb7b09a00b9b45d7dcafa6b9fe75cbdcff73ba14df92a821d1998f48317e3d9

  • SSDEEP

    49152:Ixa1DBtqtnGxi/oqqTr1XCN74NH5HUyNRcUsCVOzetdZJ:9Drqtn1gqqdC4HBUCczzM3

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8de771faa9dbcb1a9d467f4e7d6b713e.exe
    "C:\Users\Admin\AppData\Local\Temp\8de771faa9dbcb1a9d467f4e7d6b713e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2740
    • C:\Users\Admin\AppData\Local\Temp\8de771faa9dbcb1a9d467f4e7d6b713e.exe
      C:\Users\Admin\AppData\Local\Temp\8de771faa9dbcb1a9d467f4e7d6b713e.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8de771faa9dbcb1a9d467f4e7d6b713e.exe
    Filesize

    301KB

    MD5

    521d2d81c7b1f2f21aad76f27230e34a

    SHA1

    16ce4234a00521bff6bccf8e6af7e648b94674af

    SHA256

    094e34be129940d3dcf7de2d1faae4fe14d898001961d3fe41bb0f157e9a27af

    SHA512

    64ee932c1b322d5490718c9d69cc4760f2eb314bfced509c55d0bd66844883b786e266dd860e16c8a72bf8a92eeac82b9c074e63006fcccded6cbadef7ab05d6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\8de771faa9dbcb1a9d467f4e7d6b713e.exe
    Filesize

    295KB

    MD5

    1001d43b5e67615008da975e3cf791cf

    SHA1

    0d202f950722dde1f9ac3ce06e7c4d7b93d6e29f

    SHA256

    9130a8b53e56042085294ff0e4370bdcf94c26897ee6f44ddb6712b0befb5721

    SHA512

    6ebaae5dee92e5f570c6039e84c1c73c9c3ee4d21cc8674cbbd4652f2d3ca652aea859e9a97be33d111d3cf136e149dd9145bbcebacfa92b2d7dae8f65a5877b

    Download Submit

  • memory/2032-16-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2032-17-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2032-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2032-23-0x0000000000400000-0x000000000061D000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2032-26-0x0000000003410000-0x000000000363A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2032-31-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2740-2-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2740-1-0x0000000001B20000-0x0000000001C53000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2740-0-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2740-14-0x00000000037F0000-0x0000000003CDF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2740-13-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download