Overview

overview

7

Static

static

7

a191f3fa0b...61.exe

windows7-x64

7

a191f3fa0b...61.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-02-2024 09:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a191f3fa0bfeb45d757a21a36ee46061.exe

  • Size

    11.7MB

  • MD5

    a191f3fa0bfeb45d757a21a36ee46061

  • SHA1

    b6832415aa4e85b9ee57bc556a3665fa22f740de

  • SHA256

    0bee17038baa506186cac46ea76576cedf75c004141fcf61b63e23fd00024876

  • SHA512

    e57170a4450ad0bd5fe126f4f10274c4d3ddab0d03a831342f2bd3f388d0afd65dff632267dea128898e244395e5382d1f4429001b1aeb9bb7847ca09e6e297e

  • SSDEEP

    98304:QUrzTwZuUV4HBUCczzM3AZXfbGHZ4EMbC/Hthh4HBUCczzM3yLANEkBjVp4HBUCE:FrzTwZKWCcXf3o2WCfuuoWCcXf3o2WC

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a191f3fa0bfeb45d757a21a36ee46061.exe
    "C:\Users\Admin\AppData\Local\Temp\a191f3fa0bfeb45d757a21a36ee46061.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:212
    • C:\Users\Admin\AppData\Local\Temp\a191f3fa0bfeb45d757a21a36ee46061.exe
      C:\Users\Admin\AppData\Local\Temp\a191f3fa0bfeb45d757a21a36ee46061.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\a191f3fa0bfeb45d757a21a36ee46061.exe
    Filesize

    704KB

    MD5

    8632b5b3631ca62003a184a9dd386bcb

    SHA1

    e7d638b0ba0c4e9192503d9595838343460b0560

    SHA256

    df94195f393efc5df220fc64dd0da43084e54dac509962068a00ddcdc27467c3

    SHA512

    86f2f6441dc7830ec3301338cff900416eb09413fe7e2ba702b41253776a829e24b06244d0f9ea64a4e5f373290ab59012d37a889212ad312b53eb4587b7eaa3

    Download Submit

  • memory/212-0-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/212-1-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/212-2-0x0000000001DE0000-0x0000000001F13000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/212-12-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/3116-13-0x0000000001CA0000-0x0000000001DD3000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/3116-14-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/3116-15-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/3116-20-0x00000000055A0000-0x00000000057CA000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/3116-21-0x0000000000400000-0x000000000061D000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3116-28-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download