Overview

overview

7

Static

static

7

95be113d0d...31.exe

windows7-x64

7

95be113d0d...31.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    90s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-02-2024 00:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    95be113d0da369ec6cd8626202eff531.exe

  • Size

    1.3MB

  • MD5

    95be113d0da369ec6cd8626202eff531

  • SHA1

    044b6f397bf349bd3d50dd895eb265911e53d51d

  • SHA256

    aad10a260638a7dad8df983e276988491e8fff10bdc69bf3c113d5aa51ab61ba

  • SHA512

    da089143a1240b7d008d973041f7d71e6f53427aa7122c9b482d2b8da075b0578dcd6df8e99290b966b319dfbde078a2d940e9d5dad686e4d9314f0f1fb3af56

  • SSDEEP

    24576:ded/ZSSjp8sSpwgjpAeQZYoweQ0LFy6HtGbLmb2YCxLzvG:d2hSS18/pZQZYoweQ0LFkLmbbCx

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\95be113d0da369ec6cd8626202eff531.exe
    "C:\Users\Admin\AppData\Local\Temp\95be113d0da369ec6cd8626202eff531.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:956
    • C:\Users\Admin\AppData\Local\Temp\95be113d0da369ec6cd8626202eff531.exe
      C:\Users\Admin\AppData\Local\Temp\95be113d0da369ec6cd8626202eff531.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\95be113d0da369ec6cd8626202eff531.exe
    Filesize

    1.3MB

    MD5

    8f023664b96617e1b047887eed8c289e

    SHA1

    7da58804239c6d0158407d5b6a6ef4cb350b8a7d

    SHA256

    87c3e2d1dd74b28634f484962603ca6cc787681ed5eaec996c76a0eef0b628a5

    SHA512

    a2c81009ca0338bf2f873d9a077adccefc155a02b12290eb8ae276c9df3bf1049e865350816b60aa5cb81f2d061db09ad29d429e4aa98df9b6901fd31c38cd4c

    Download Submit

  • memory/956-0-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/956-1-0x0000000001870000-0x0000000001982000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/956-2-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/956-14-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3424-16-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3424-15-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/3424-17-0x0000000001C80000-0x0000000001D92000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/3424-24-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download