Overview

overview

7

Static

static

7

ac1e9f04ae...4f.exe

windows7-x64

7

ac1e9f04ae...4f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-02-2024 14:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ac1e9f04ae7f6389a639734774b1174f.exe

  • Size

    1.3MB

  • MD5

    ac1e9f04ae7f6389a639734774b1174f

  • SHA1

    2316f4f4d78dd7842382bade832a10cab3f360aa

  • SHA256

    ba618e4ae8a57957a79380e291d75e7ace9bad6b8a5786fb3ca33790d8dbeb21

  • SHA512

    d68b8b7a66d7a0aebbd1a084c4b7fb79a8aace0634018c0538a095b4e9bfc811537aa4d62ea45d18a09e2bc626939d8b09dc7a116b9c85c4520b0ad0a68fbaa5

  • SSDEEP

    24576:PwVZvRdN7WQFpRrjDWniDKJdBRRkD4uhjV67lyXN0ESr592TCGvG:c7dEcpRrjDC1JkD4uL67cCJrL

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ac1e9f04ae7f6389a639734774b1174f.exe
    "C:\Users\Admin\AppData\Local\Temp\ac1e9f04ae7f6389a639734774b1174f.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2064
    • C:\Users\Admin\AppData\Local\Temp\ac1e9f04ae7f6389a639734774b1174f.exe
      C:\Users\Admin\AppData\Local\Temp\ac1e9f04ae7f6389a639734774b1174f.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ac1e9f04ae7f6389a639734774b1174f.exe
    Filesize

    1.3MB

    MD5

    32b635e034b591848e76aed280cafd48

    SHA1

    801ee68d9962c8150fe404b5e0cb57f1d69f717c

    SHA256

    54df8887674eb8dfb48ed1c6cbe9dd1d889b62e5173232f8a17fe8b0ed2a2437

    SHA512

    7845cde1d82f3e182eed5ecfce9b0e845d01892d6912977077eb62db348a2dabfa0e635252251861909a293b58347bc25b2fddef67c729a8331c44c5acf0f0a2

    Download Submit

  • memory/2064-0-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2064-1-0x0000000001BD0000-0x0000000001CE2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2064-2-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2064-14-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4808-16-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4808-15-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/4808-17-0x0000000001BA0000-0x0000000001CB2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4808-24-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download