0e8a8371ffa38233acfa2279f719ea333918dff3d710994e30825d906f5a7625

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 15:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5112318916e328418d19b029857a543.exe
Size

181KB
MD5

b5112318916e328418d19b029857a543
SHA1

cfbf850c8b5dd24c2f78b568b0bc2ba924727439
SHA256

0e8a8371ffa38233acfa2279f719ea333918dff3d710994e30825d906f5a7625
SHA512

a2245ff86a9c25df781d7a8724bde7a18d753520fa4107a241452a2fd9aa595130bd551ceebeb2c7656b184d117f14534b78c78b67eca9c86cc8af48deeaeba2
SSDEEP

3072:aAMFZgXocmp4uPHnnXFtO6qn8zp/KkSUTqoPmUtCQaYWK9qsQ9Lrc+0:adUhmNPHn1tin8l/UUqUE3c969LrcN

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2212-0-0x0000000000400000-0x000000000047B000-memory.dmp	upx
behavioral1/memory/2212-2-0x0000000000400000-0x000000000047B000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\b5112318916e328418d19b029857a543.exe
"C:\Users\Admin\AppData\Local\Temp\b5112318916e328418d19b029857a543.exe"
1⤵
PID:2212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2212-0-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/2212-1-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2212-2-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download