Overview

overview

7

Static

static

7

c37497683e...57.exe

windows7-x64

7

c37497683e...57.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/03/2024, 13:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c37497683e028042debd07cc25c2ed57.exe

  • Size

    2.9MB

  • MD5

    c37497683e028042debd07cc25c2ed57

  • SHA1

    15adf4330eb95974b010096660359d011041684b

  • SHA256

    c063b5b566e5744ad7cb29a4416db801b362760243658d971b8633c8c9d7071f

  • SHA512

    06c6136f59dcbe46f07d0b38f7783335a6941e1ec8c5f839a42ed959e7c69b98d28d9f3dd71ffbe95f8e1faa535193cee10173267bcbb12be60187d158ba3fea

  • SSDEEP

    49152:9WZjL4X720ewNj5DkaUlGRShg4XP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:Wj620wahRShZXgg3gnl/IVUs1jePs

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c37497683e028042debd07cc25c2ed57.exe
    "C:\Users\Admin\AppData\Local\Temp\c37497683e028042debd07cc25c2ed57.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4232
    • C:\Users\Admin\AppData\Local\Temp\c37497683e028042debd07cc25c2ed57.exe
      C:\Users\Admin\AppData\Local\Temp\c37497683e028042debd07cc25c2ed57.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\c37497683e028042debd07cc25c2ed57.exe
    Filesize

    2.9MB

    MD5

    8148496cbb05dd49ce66106c9dd4b0da

    SHA1

    f4314b242d4a7a450735f4451958dfbf8f784141

    SHA256

    931321df29bb1af9756f40d44be6519a95c86f04fce973b4802ce2069dbc6b8e

    SHA512

    01f77a6d2aabac39b6c899e5c34e4f52d3cb0df8dc4e58f7a4f9614b784806b7085f262f43153fa1bfb68ae0603cdfa455575931afc1631d742ed681a657c475

    Download Submit

  • memory/2800-13-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2800-14-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2800-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2800-21-0x00000000055B0000-0x00000000057DA000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2800-20-0x0000000000400000-0x000000000061D000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2800-28-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/4232-0-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/4232-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4232-2-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/4232-12-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download