Overview

overview

7

Static

static

7

a99ed40b1f...8a.exe

windows7-x64

7

a99ed40b1f...8a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    27/02/2024, 16:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a99ed40b1f4da2c488dfac0030cf0f8a.exe

  • Size

    1.3MB

  • MD5

    a99ed40b1f4da2c488dfac0030cf0f8a

  • SHA1

    5c4b0dd534159417c48998c617385dcef01f3c34

  • SHA256

    79f75575ced813a6b148cbcaf848651a145998a302188d2feb24e1980b44de30

  • SHA512

    965bf5f006b94c4a010b16aded55e81caaa2b5cf2cb5188170ee005956ac13d08bbbc3098da95b4d04a13069cf894648e488394c9b36fb15e1e802e8394e8b9c

  • SSDEEP

    24576:AMelDHp0RYPIAKRwtSE+ZXJQjhAUlSK29gU54uPoSNvG:pGDHp0RYP3cwd+ZXEh859gU3oS

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a99ed40b1f4da2c488dfac0030cf0f8a.exe
    "C:\Users\Admin\AppData\Local\Temp\a99ed40b1f4da2c488dfac0030cf0f8a.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1756
    • C:\Users\Admin\AppData\Local\Temp\a99ed40b1f4da2c488dfac0030cf0f8a.exe
      C:\Users\Admin\AppData\Local\Temp\a99ed40b1f4da2c488dfac0030cf0f8a.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2752

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\a99ed40b1f4da2c488dfac0030cf0f8a.exe
          Filesize

          1.3MB

          MD5

          001c494806949af11a3a577e407bf334

          SHA1

          2200d029eb8b2274692032f8db4d507e8c712c2d

          SHA256

          234717620d2f0372c950da5227f4322b9cd458486108a6afed38e7332d6adb4f

          SHA512

          21d32975bb9f8e393077ae321f7808d6b9949e0def17e46e9c4dd5acf4a7e2cfee0467b4bcbcab55629e65925bca7c8c03958d1f2ef465bda33dda8507b32ce3

          Download Submit

        • memory/1756-0-0x0000000000400000-0x000000000086A000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/1756-1-0x0000000000400000-0x00000000005F2000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1756-2-0x0000000001A60000-0x0000000001B72000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1756-15-0x0000000003580000-0x00000000039EA000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/1756-14-0x0000000000400000-0x00000000005F2000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/2752-18-0x0000000000400000-0x000000000086A000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/2752-17-0x0000000000400000-0x00000000005F2000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/2752-20-0x0000000001A60000-0x0000000001B72000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2752-26-0x0000000000400000-0x000000000086A000-memory.dmp

          Filesize

          4.4MB

          Download