Overview

overview

7

Static

static

7

8f45f46f90...40.exe

windows7-x64

7

8f45f46f90...40.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/02/2024, 13:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8f45f46f90f3e44ec8608dbfdf6bae40.exe

  • Size

    1.3MB

  • MD5

    8f45f46f90f3e44ec8608dbfdf6bae40

  • SHA1

    cd3527a8f8c9ee7d37141dc32becf3cf534156dd

  • SHA256

    ac649f22e577ff3795e881b86b6ac69a3ea2110960e32c2ede60fc7b72660b16

  • SHA512

    0db3d1f3f88b6a1c34ab559a23fd84f7ee08267712989ed5c5294dd5eedc2a3953ffd382f00db03933ae26479dc9574062cf3d7a6a9e4e718c35e7de24eb6f74

  • SSDEEP

    24576:Zf6fyqSKowooryzVCpmeJEs28GhiS+fxTACT7E275T0ApvG:Zf6aqSKqJgJo8Gh/YxdTn75w

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f45f46f90f3e44ec8608dbfdf6bae40.exe
    "C:\Users\Admin\AppData\Local\Temp\8f45f46f90f3e44ec8608dbfdf6bae40.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2404
    • C:\Users\Admin\AppData\Local\Temp\8f45f46f90f3e44ec8608dbfdf6bae40.exe
      C:\Users\Admin\AppData\Local\Temp\8f45f46f90f3e44ec8608dbfdf6bae40.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8f45f46f90f3e44ec8608dbfdf6bae40.exe
    Filesize

    295KB

    MD5

    b8ce7abde80e44e9723e6b9a5456ff52

    SHA1

    12446cdcf3619a60553c17f483171f77923a630e

    SHA256

    a7a6f748a841233901d34e743c7e343d0bbaa8967e92cdf5f2df2f6797c97e3b

    SHA512

    edb0cbae2a4f6cbc067a056880dfd54a83991e2fb219d5650e1e87dbc4e60f718b2891bee75b17c76697749728017cd6866725ca3de180dc7684e6dcf70989ea

    Download Submit

  • \Users\Admin\AppData\Local\Temp\8f45f46f90f3e44ec8608dbfdf6bae40.exe
    Filesize

    385KB

    MD5

    247583a70d96e38daed4fa0cb96ae922

    SHA1

    c202164da33a3db48b4718ad664fd027e2144e5c

    SHA256

    7f3f162241e86b41871cbf411abd47c728487f8430f8ea5c03e9aaa0a0cba1f9

    SHA512

    9f54102a9a35b67184784dc4c187cbe3c878af0469ebe25f7ba47b4cc21fade0dc9d972278b4da69a0cfb43f4bdd185ed6d41794f7f7adf61813006b1e228d86

    Download Submit

  • memory/2404-0-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2404-2-0x0000000001A60000-0x0000000001B72000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2404-1-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2404-15-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2404-16-0x0000000003410000-0x000000000387A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2404-25-0x0000000003410000-0x000000000387A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2672-18-0x0000000001A60000-0x0000000001B72000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2672-17-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2672-26-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download