Overview

overview

7

Static

static

7

b80693f08c...87.exe

windows7-x64

7

b80693f08c...87.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    06/03/2024, 18:02

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b80693f08cebc222f14e25000cb42387.exe

  • Size

    2.7MB

  • MD5

    b80693f08cebc222f14e25000cb42387

  • SHA1

    462821fcfa299cd0a3694587b5d9dad43dca77c2

  • SHA256

    3ae7706fb5bab9733315fd88cb4bf6461def1383d88e971ce22dfe9842c142a8

  • SHA512

    3b23edb0cf2f190755c196dbbdd8bfea9bf0e55988ac8744585187953e0aff54f0898a9355b2ae8ee15f89d6bd14f2b97cf7fb5c3665b061a54a4c9e32216c9d

  • SSDEEP

    49152:zHvTKXhUvqKnHa7BN6vmzyHpX/rgeo0op/9sxrjskruVmtp:zHLKRUvqKnGBYuzyHpPrgCc/9slYkKVW

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b80693f08cebc222f14e25000cb42387.exe
    "C:\Users\Admin\AppData\Local\Temp\b80693f08cebc222f14e25000cb42387.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Users\Admin\AppData\Local\Temp\b80693f08cebc222f14e25000cb42387.exe
      C:\Users\Admin\AppData\Local\Temp\b80693f08cebc222f14e25000cb42387.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1932

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\b80693f08cebc222f14e25000cb42387.exe
          Filesize

          2.7MB

          MD5

          7fb24ade8af204b64b8fb3b5d9765673

          SHA1

          97b93a64cbf9e194d8c21d50a06965913770b849

          SHA256

          9496f1ba1a40f518eb3564d9b8e52123765450bb7086a0ad4c69efc5c40a2322

          SHA512

          60b3fbb8ab681d823b39b09f2ffbe40cb8dd94e1e1bd1481eb86f8205e5b59f3c6ff44a2c93b5887f4e870b267a7bd0c4321557547f18bb03a888d7c4fbe72b8

          Download Submit

        • memory/1932-16-0x0000000000400000-0x000000000062A000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/1932-17-0x0000000000130000-0x0000000000263000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1932-15-0x0000000000400000-0x00000000008EF000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1932-22-0x0000000000400000-0x000000000061D000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1932-23-0x00000000033F0000-0x000000000361A000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/1932-30-0x0000000000400000-0x00000000008EF000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/2916-0-0x0000000000400000-0x00000000008EF000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/2916-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2916-1-0x0000000000400000-0x000000000062A000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/2916-14-0x0000000000400000-0x000000000062A000-memory.dmp

          Filesize

          2.2MB

          Download