Overview

overview

7

Static

static

7

8eafefc412...6f.exe

windows7-x64

7

8eafefc412...6f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-02-2024 08:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8eafefc41213583bd9e3a3b67615396f.exe

  • Size

    1.3MB

  • MD5

    8eafefc41213583bd9e3a3b67615396f

  • SHA1

    517ad74319edfb9b9b04f3386990f88cd488ea6e

  • SHA256

    67894dc1d42c272efc1eb09d9c79c5b9484406cd0c315f86c312f9d7f5a70209

  • SHA512

    b199012bc3a80651425746a5aa0bbb1df8b1a792f9e43060f78ade467f7d018ba4429f3656a14cb995f1e413eae263477c03a941076e20f22941a7645caf4eba

  • SSDEEP

    24576:TxxoGEzRjGLmib0tzd9ZdrYEfjr72QydIy9L8upUMq9iZoRxnx2BTFd/WO:TwGEzRqL1bGTdlff72QCIyZ8DX9iGRnU

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8eafefc41213583bd9e3a3b67615396f.exe
    "C:\Users\Admin\AppData\Local\Temp\8eafefc41213583bd9e3a3b67615396f.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3480
    • C:\Users\Admin\AppData\Local\Temp\8eafefc41213583bd9e3a3b67615396f.exe
      C:\Users\Admin\AppData\Local\Temp\8eafefc41213583bd9e3a3b67615396f.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8eafefc41213583bd9e3a3b67615396f.exe
    Filesize

    696KB

    MD5

    c99615c999fc77a4d6b2e791f6839afa

    SHA1

    644d8ea60e18562e34ef8780dd62cb4c79c2b91c

    SHA256

    ed5d4975b3d1b9593ecc338e2486825c96fccf24e24a6f9289c1984e0ebb7284

    SHA512

    9c1e6038bd252d85bfcd383d1357b167e921fb41c954ec6d7ed8e99d317ba4863c34b7a66c1e09c7e05907818447a41c56a14106825e7045abe281a1f51bc67d

    Download Submit

  • memory/1636-14-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/1636-15-0x0000000001CC0000-0x0000000001DF3000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1636-13-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1636-21-0x0000000000400000-0x000000000061D000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1636-20-0x00000000055C0000-0x00000000057EA000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1636-28-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/3480-0-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/3480-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/3480-2-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/3480-12-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download