Overview

overview

7

Static

static

7

8e2ec988a4...df.exe

windows7-x64

7

8e2ec988a4...df.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    90s
  • max time network
    112s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-02-2024 04:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8e2ec988a4f680a246db7f28aa50dddf.exe

  • Size

    1.5MB

  • MD5

    8e2ec988a4f680a246db7f28aa50dddf

  • SHA1

    25a41b951ff5f6752952c3ea5e721ea6fae0b119

  • SHA256

    7eb3424fbd9348ec49ba754b03f1c3810bd2f5b39c047646d161747be48023d3

  • SHA512

    d8f70af906bdc0a5fcc0d25eb2238a8bae56391c1a5a19b05a68ab40d869cc48b1f04c295a6843615e49b70610aab38994b791f9440290b1e63d382da875acac

  • SSDEEP

    24576:YxpUW1KxrEF8QwEqKl0rYZ5MYbUVJtgXNpN67Sw0G+wcextGpPkXWW:YxWW1KxAFtsKWrYZ5FbLs77hc9oW

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e2ec988a4f680a246db7f28aa50dddf.exe
    "C:\Users\Admin\AppData\Local\Temp\8e2ec988a4f680a246db7f28aa50dddf.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:5084
    • C:\Users\Admin\AppData\Local\Temp\8e2ec988a4f680a246db7f28aa50dddf.exe
      C:\Users\Admin\AppData\Local\Temp\8e2ec988a4f680a246db7f28aa50dddf.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8e2ec988a4f680a246db7f28aa50dddf.exe
    Filesize

    165KB

    MD5

    f8b444ceeb88705150930cad8f431f43

    SHA1

    29ce0cbebd05c5b888ac60c76d6bb0bb92e050c9

    SHA256

    66f9b838f3cd6e21169f3f1f168a6b8cfc905b6971c06be94f1c1b338087a5c2

    SHA512

    2a4ab25b207cab7f23a315a5c097ee6d5aae7cb525fab4d187f21fb64115387341e8c82a3977f24567a97e1f89665b26cd8b385cc944c6edf297eec14eb64a20

    Download Submit

  • memory/4164-16-0x00000000018F0000-0x0000000001A23000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4164-14-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/4164-13-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/4164-20-0x0000000005670000-0x000000000589A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/4164-21-0x0000000000400000-0x000000000061D000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4164-28-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/5084-0-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/5084-1-0x0000000001DE0000-0x0000000001F13000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/5084-2-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/5084-12-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download