Overview

overview

7

Static

static

7

c7b5f5cbae...2e.exe

windows7-x64

7

c7b5f5cbae...2e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/03/2024, 04:39

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c7b5f5cbaeb9e4bd035e9adfbfb1802e.exe

  • Size

    5.3MB

  • MD5

    c7b5f5cbaeb9e4bd035e9adfbfb1802e

  • SHA1

    a850a8f7362ad0dc92bed7b52acb0079e002b8b6

  • SHA256

    b7a352b79f9a3fbc495bf4aca01565bd5dba69ee5cd6bf42046d7fee51b49f0d

  • SHA512

    20d38a4456d94740ce978996168db21bb3ce0d4196823f3628f162742918674cfb8a2c67bbebcda233182abe6b3d20e3c2c495c2fb3d9f1e28db031a870b05db

  • SSDEEP

    98304:kHSDPtQb+OSPv64i956mSLMWlP4LZKN8+vkExeBLSPv64i956mSLMW:kHq2b3SPv64i95HAMGKZKN8+zetSPv6x

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c7b5f5cbaeb9e4bd035e9adfbfb1802e.exe
    "C:\Users\Admin\AppData\Local\Temp\c7b5f5cbaeb9e4bd035e9adfbfb1802e.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3844
    • C:\Users\Admin\AppData\Local\Temp\c7b5f5cbaeb9e4bd035e9adfbfb1802e.exe
      C:\Users\Admin\AppData\Local\Temp\c7b5f5cbaeb9e4bd035e9adfbfb1802e.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:864

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\c7b5f5cbaeb9e4bd035e9adfbfb1802e.exe
          Filesize

          5.3MB

          MD5

          40d6a1e921e6c15d5160176db03b48c9

          SHA1

          6d57b9bafc44b96e8b96239a3f24106a71b975cc

          SHA256

          deca4d4a314c905e14e60ef7e5874e2bf1fa291cb3c333d612b90967c05749ef

          SHA512

          a344b04ff6bf46e7f1e418c03b73c399573595d54fb5f14a59099ee253e3ea269269db2f5d990e9ada316bced302a5c83b4d21100c8d52e6543249507f776386

          Download Submit

        • memory/864-16-0x0000000000400000-0x00000000005F2000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/864-17-0x0000000001870000-0x0000000001982000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/864-14-0x0000000000400000-0x000000000086A000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/864-24-0x0000000000400000-0x000000000086A000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/3844-0-0x0000000000400000-0x000000000086A000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/3844-1-0x0000000001C50000-0x0000000001D62000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3844-2-0x0000000000400000-0x00000000005F2000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/3844-15-0x0000000000400000-0x00000000005F2000-memory.dmp

          Filesize

          1.9MB

          Download