Overview

overview

7

Static

static

7

8e062370af...f1.exe

windows7-x64

7

8e062370af...f1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    92s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/02/2024, 02:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    8e062370afa377f081d5be66bee763f1.exe

  • Size

    1.3MB

  • MD5

    8e062370afa377f081d5be66bee763f1

  • SHA1

    4089228cbce6a15defcef75e9319ed400217d799

  • SHA256

    fb75b65cdd030db244f21ba2c31718b894d20a026f4033e3c007c149d5ec2a4e

  • SHA512

    48a40dc75cca7f8fed527dff37dbf20f13b5b231830f2b903309a74a539e60ba85b4c04ae7e2140a1b85af8b1956b33e4b21c09cc0bffc2a2085f92a2a32497e

  • SSDEEP

    24576:uNYrf6/CNvIDSPBbKjY/M9Y4xbrtQ5i0YKx9ehvVMxLffV9UNmQGONrvG:oYmKNvAabO0M9FxFI3YKx9ehmZK7TN

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e062370afa377f081d5be66bee763f1.exe
    "C:\Users\Admin\AppData\Local\Temp\8e062370afa377f081d5be66bee763f1.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4164
    • C:\Users\Admin\AppData\Local\Temp\8e062370afa377f081d5be66bee763f1.exe
      C:\Users\Admin\AppData\Local\Temp\8e062370afa377f081d5be66bee763f1.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4156

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\8e062370afa377f081d5be66bee763f1.exe
          Filesize

          754KB

          MD5

          14646a56ee3c7aa9b278ddfc202d6a58

          SHA1

          ab2aede06cf0d589b09b4dd4a3179dd194eedd94

          SHA256

          88a10dc587c72d66c47b75ae78a7a0652eea8408bba245a35d952e4b7bdcdffa

          SHA512

          70361d485ea4448e9b3f805f344814687469b77f5ce91af5c0f0ba7edd18f2f97adad856288b4e0ad70c4fc587ea7b54e751e9af081125b99ff70e099943a8df

          Download Submit

        • memory/4156-15-0x0000000000400000-0x00000000005F2000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4156-16-0x0000000000400000-0x000000000086A000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/4156-18-0x0000000001C60000-0x0000000001D72000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/4156-24-0x0000000000400000-0x000000000086A000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/4164-0-0x0000000000400000-0x000000000086A000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/4164-1-0x0000000001870000-0x0000000001982000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/4164-2-0x0000000000400000-0x00000000005F2000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4164-14-0x0000000000400000-0x00000000005F2000-memory.dmp

          Filesize

          1.9MB

          Download