Overview

overview

7

Static

static

7

ace87d8820...20.exe

windows7-x64

7

ace87d8820...20.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28/02/2024, 21:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ace87d8820cc2f689294474b91aa9920.exe

  • Size

    1.3MB

  • MD5

    ace87d8820cc2f689294474b91aa9920

  • SHA1

    4fe01a2c6241f32dc28a6a288c87e2c79a1c6283

  • SHA256

    834438aedcfe2d616f72a127aa66533c5e010d9cc52417459da936b29278a86f

  • SHA512

    7b1591c9719e6ac952fda4ab6e11b16243806a9d8eee69a54c4f9c5b821f0e2fed724bf51c43d677d15e976dfc914654037905875f98d46bfc6754a0d992c34f

  • SSDEEP

    24576:x8D41gRfhMyeq3P/SwO0JL3E9133Em+l3V/hlLGOAsXWdOT9nts7G4xbESuvG:xSOgBhMVaP/SwbzK1ilLGHuT9ntsXt

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ace87d8820cc2f689294474b91aa9920.exe
    "C:\Users\Admin\AppData\Local\Temp\ace87d8820cc2f689294474b91aa9920.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2932
    • C:\Users\Admin\AppData\Local\Temp\ace87d8820cc2f689294474b91aa9920.exe
      C:\Users\Admin\AppData\Local\Temp\ace87d8820cc2f689294474b91aa9920.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\ace87d8820cc2f689294474b91aa9920.exe
    Filesize

    1.3MB

    MD5

    241e1f10662663a0f4767b2f4169b69c

    SHA1

    4641189dacd03f7100fc1d4f056360d55ebdab15

    SHA256

    78f635ae85e37e622ce2eaf2593840da6419f525529c2e46aa98300b04384fbc

    SHA512

    60c601df61891f3e33b0e2d0315bc694b2c185251268d1ec862072a9d50c49832598eb634386984e1b9c2e3f703ab01622307a7e4fc3ef5eff48340839013912

    Download Submit

  • memory/2904-18-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2904-17-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2904-19-0x00000000002C0000-0x00000000003D2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2904-26-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2932-0-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2932-1-0x0000000000130000-0x0000000000242000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2932-2-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2932-15-0x00000000033F0000-0x000000000385A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2932-14-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download