Overview

overview

7

Static

static

7

bd46f88292...1e.exe

windows7-x64

7

bd46f88292...1e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10-03-2024 01:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bd46f88292a56265ccd298ef93678d1e.exe

  • Size

    353KB

  • MD5

    bd46f88292a56265ccd298ef93678d1e

  • SHA1

    d856dd1d36982a3411baac992d29b0bbc54568c9

  • SHA256

    8ebc599bd1e49ada31fc5dfc0545e94a75af6a2deb377300f12f1b2e3b974acb

  • SHA512

    60f3201e2addc456efd57c2accc6d2bfdb3e0404c6327c43ae22b231c5dd8a1a3cd75dad7ba8e3f553dd1bf05f2c303f31fc585f12eaa1ed87fc8e83a141bff1

  • SSDEEP

    6144:WLwB7toazTWFlrF384upjL6ymj8ti4dhYdxfsLPrPwo+:Fp3zSbF8HL6zXwhYTfmE

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd46f88292a56265ccd298ef93678d1e.exe
    "C:\Users\Admin\AppData\Local\Temp\bd46f88292a56265ccd298ef93678d1e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\Users\Admin\AppData\Local\Temp\bd46f88292a56265ccd298ef93678d1e.exe
      C:\Users\Admin\AppData\Local\Temp\bd46f88292a56265ccd298ef93678d1e.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\bd46f88292a56265ccd298ef93678d1e.exe
    Filesize

    353KB

    MD5

    76b2333ffb63614504c8e58fdf7869cf

    SHA1

    701a86d9ed3e9ddab514d384ad967f7036d9cf67

    SHA256

    a5fad9eb2b8fbe674c5e7f9c933460902c7a9220995d6f5f5d7c840ba734c407

    SHA512

    0e9a1649c6e62ae17751c139bd5d42eac6b19fdd61b49840db6a62bb1fa530d7ff837b667fa73ff07080b1deb1119e12e13dad866a645f93dc75c181b27d7de8

    Download Submit

  • memory/2652-16-0x0000000000400000-0x00000000004F1000-memory.dmp

    Filesize

    964KB

    Download

  • memory/2652-17-0x0000000000210000-0x0000000000243000-memory.dmp

    Filesize

    204KB

    Download

  • memory/2652-18-0x0000000000400000-0x0000000000450000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2652-24-0x0000000000450000-0x00000000004A0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2652-23-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2652-30-0x0000000000400000-0x00000000004F1000-memory.dmp

    Filesize

    964KB

    Download

  • memory/2876-0-0x0000000000400000-0x00000000004F1000-memory.dmp

    Filesize

    964KB

    Download

  • memory/2876-2-0x0000000000190000-0x00000000001C3000-memory.dmp

    Filesize

    204KB

    Download

  • memory/2876-1-0x0000000000400000-0x0000000000450000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2876-14-0x0000000000400000-0x0000000000450000-memory.dmp

    Filesize

    320KB

    Download