Overview

overview

7

Static

static

7

a1589759d6...94.exe

windows7-x64

7

a1589759d6...94.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24/02/2024, 07:56

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a1589759d69c29c1e27dfd927455ef94.exe

  • Size

    5.3MB

  • MD5

    a1589759d69c29c1e27dfd927455ef94

  • SHA1

    93ba9315a2ea5bb9f0869ea70bde4bfef6870f17

  • SHA256

    9bb334388c95b59245355b373f65896aaed5d140aedd4db9ce225b495f2b256f

  • SHA512

    11f2876320840356fc73e529d3f77d40722fdb44293afa57be78b3433127abc7c3adf7dc3bf096291676db3605c6603b23e003afe2766b0d9ebb0975f127b6ac

  • SSDEEP

    98304:SkyqkwbWPvHBeb1T1aqcM7NuhnrBGnJEZBeb1T1aq:nyFo3b7atM7NuFBub7a

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a1589759d69c29c1e27dfd927455ef94.exe
    "C:\Users\Admin\AppData\Local\Temp\a1589759d69c29c1e27dfd927455ef94.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Users\Admin\AppData\Local\Temp\a1589759d69c29c1e27dfd927455ef94.exe
      C:\Users\Admin\AppData\Local\Temp\a1589759d69c29c1e27dfd927455ef94.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1416

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\a1589759d69c29c1e27dfd927455ef94.exe
          Filesize

          5.3MB

          MD5

          f0837168418a9b273c477071b5563d2b

          SHA1

          612586be2fe195c93651d2259c3cee64cb89cee7

          SHA256

          7886cb3b9e2108d0fa74879f9e2f847abb8d8f91dfb07798b174feae1da91121

          SHA512

          2aca92f91606db3dc1aa66015ae1da3e5e2de0baa7a9a1f7352be82394da2b5cf0277681acb839d7750c938db86d532df785c795502eb47a3895ebe7377eedd9

          Download Submit

        • memory/1416-16-0x0000000000400000-0x000000000086A000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/1416-17-0x0000000000250000-0x0000000000362000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1416-18-0x0000000000400000-0x00000000005F2000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1416-25-0x0000000000400000-0x000000000086A000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/1968-0-0x0000000000400000-0x000000000086A000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/1968-1-0x0000000000400000-0x00000000005F2000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1968-3-0x0000000000290000-0x00000000003A2000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1968-14-0x0000000000400000-0x00000000005F2000-memory.dmp

          Filesize

          1.9MB

          Download