Overview

overview

7

Static

static

7

cab129bebe...fd.exe

windows7-x64

7

cab129bebe...fd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15/03/2024, 06:17

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    cab129bebe44a8b9c3af7a546601e2fd.exe

  • Size

    1.5MB

  • MD5

    cab129bebe44a8b9c3af7a546601e2fd

  • SHA1

    e903339e66bb1e5a8df3a5428837e79e17f4bde6

  • SHA256

    5d8ac617f593aabd6fb38dd1a73e1f21a51bea8a2ff6145a87a58583a73f1fcf

  • SHA512

    35ffc7bd730dfe426d19854caf55a7c69669e9193bcbdc09daf2d950461e5676914f2adcba6f8f6b7a27b5184c93bc3851bbaa67145dd64064095d8c97c0ac95

  • SSDEEP

    24576:ssC97EJAIxK0kjSgEo5Gyaa+qXyyHu46DDlC+7QRe7d++iBIN7ixfEW:ssC9gJponOLu/+Q3KVjyINexc

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cab129bebe44a8b9c3af7a546601e2fd.exe
    "C:\Users\Admin\AppData\Local\Temp\cab129bebe44a8b9c3af7a546601e2fd.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2160
    • C:\Users\Admin\AppData\Local\Temp\cab129bebe44a8b9c3af7a546601e2fd.exe
      C:\Users\Admin\AppData\Local\Temp\cab129bebe44a8b9c3af7a546601e2fd.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2540

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\cab129bebe44a8b9c3af7a546601e2fd.exe
          Filesize

          1.5MB

          MD5

          f8d35049fd3d8868b1db3a4359a8bcca

          SHA1

          bf5e36e3cb169c9d8adfdead4ade44e2a0cd477c

          SHA256

          ccd5125a94e1eec3ca37292aab0ac3cd1c257b2c65265c06799b3a2a6bf66af6

          SHA512

          21133309207fb261762dba6ef97f5ff046a91d5020dc1569be2b7887ee592cfb0e0dfb848b1baaed1d957b400ea58201b504dc0784fa3a5c98316131f15bb1a8

          Download Submit

        • memory/2160-31-0x0000000003610000-0x0000000003AFF000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/2160-0-0x0000000000400000-0x000000000062A000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/2160-3-0x0000000000280000-0x00000000003B3000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2160-15-0x0000000003610000-0x0000000003AFF000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/2160-14-0x0000000000400000-0x000000000062A000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/2160-1-0x0000000000400000-0x00000000008EF000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/2540-17-0x0000000000400000-0x00000000008EF000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/2540-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2540-23-0x0000000000400000-0x000000000061D000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/2540-24-0x0000000003410000-0x000000000363A000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/2540-16-0x0000000000400000-0x000000000062A000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/2540-32-0x0000000000400000-0x00000000008EF000-memory.dmp

          Filesize

          4.9MB

          Download