Overview

overview

7

Static

static

7

c3a874045e...81.exe

windows7-x64

7

c3a874045e...81.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/03/2024, 15:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c3a874045ee441489249443cf2f3b581.exe

  • Size

    1.3MB

  • MD5

    c3a874045ee441489249443cf2f3b581

  • SHA1

    face2fe85fc749a87bf9e2d07af0b023dd8423df

  • SHA256

    e703c6174b253d7dbccee73fec84642b2fb2e014da2c331a2d7c3cf732c65fb4

  • SHA512

    120a3cd3c508a4ef7fdbed023ab9798b599fcf9bcc8b8133c5b95822ef8c38f57f18d60fc8036db89e2b736acbee1c69f7a818b726c88f1a652ac950b3d9debe

  • SSDEEP

    24576:3M4Q/j35czJyuuFxJTvxpqYeam20TLaUu04I/E52ca2sjnGUyIckvG:c48udy37JxQY9IzrjGe

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c3a874045ee441489249443cf2f3b581.exe
    "C:\Users\Admin\AppData\Local\Temp\c3a874045ee441489249443cf2f3b581.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4760
    • C:\Users\Admin\AppData\Local\Temp\c3a874045ee441489249443cf2f3b581.exe
      C:\Users\Admin\AppData\Local\Temp\c3a874045ee441489249443cf2f3b581.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\c3a874045ee441489249443cf2f3b581.exe
    Filesize

    1.3MB

    MD5

    814fea6f560c2e83acf840f421579733

    SHA1

    58b5b9f7acd223e7e45f7ca6e464c492330d926f

    SHA256

    0752c0246c21317b63dda046c11beb2606c4236705dcb83ecb7b8df2e49f25d7

    SHA512

    88a0c47592631dd1c774987745bcb6255ba0200a5aac1d4972db5b18cbbae74f119f67b3d3f56cdc38d5d2009aa893024905d2cd502d72806e7c63f99363e595

    Download Submit

  • memory/4596-14-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/4596-16-0x0000000001C40000-0x0000000001D52000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4596-15-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4596-23-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/4760-0-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/4760-1-0x0000000001C80000-0x0000000001D92000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4760-2-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4760-13-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download