Overview

overview

7

Static

static

7

ccb94a301e...31.exe

windows7-x64

7

ccb94a301e...31.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    16/03/2024, 01:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ccb94a301ee7e794a4cda2fa6cf1a231.exe

  • Size

    1.3MB

  • MD5

    ccb94a301ee7e794a4cda2fa6cf1a231

  • SHA1

    3146ed7cd92f56e3fd8ba0dd46c54db0d8272baa

  • SHA256

    7ae54fd98c521a63acaedb49c3b9907601a9db8f12ec55bac93cd57d21559744

  • SHA512

    05b2dc7a6ac4862b6f837bc5be7fc794104dab16be20e20b84f11eb3214534ba794a4238976ce8a6c86506b8c4aeb0c212e3095518899872220c9af0d6ded771

  • SSDEEP

    24576:W5uLZHt24EysPbwtiLyvmlvdDBertlXJxEIvG:LLZN27ysPOIlvdatlZq

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ccb94a301ee7e794a4cda2fa6cf1a231.exe
    "C:\Users\Admin\AppData\Local\Temp\ccb94a301ee7e794a4cda2fa6cf1a231.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1112
    • C:\Users\Admin\AppData\Local\Temp\ccb94a301ee7e794a4cda2fa6cf1a231.exe
      C:\Users\Admin\AppData\Local\Temp\ccb94a301ee7e794a4cda2fa6cf1a231.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ccb94a301ee7e794a4cda2fa6cf1a231.exe
    Filesize

    628KB

    MD5

    b17465d876fa0d7465c9a2c28c6d9b4e

    SHA1

    d743e8bdea3eca23859d515c123111e0b1a90ccf

    SHA256

    8aa560367ab0cff8b7b57d17a4a1cd969c7c441d1b600fd489c3ae6f94fc0170

    SHA512

    3614a9b10244095ee608284d93a6156c384c9154884d9e93ec7efd16e54ec38a1a4a609849617546e57a8ed86d19e96d469bdc272796d9f5c0bf87f4a63dd79c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\ccb94a301ee7e794a4cda2fa6cf1a231.exe
    Filesize

    1.1MB

    MD5

    96a117d8dd98f71cc9029291d33af404

    SHA1

    94d1dd09b5584c0bf26b09a4489ee4504cc5a9f8

    SHA256

    da3e26984f86e93100c67f4d9d081ff4ad01c6e6900559b935ba708beec87596

    SHA512

    bedebf29d4dd15ac630c25db2458cb66cef51fad2ef9f40384ca039e61f1747ede0549bee4ebac302f406a2d5e7bf673046e438215165869d2d638bf2a020c8f

    Download Submit

  • memory/1112-1-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1112-0-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/1112-2-0x0000000000230000-0x0000000000342000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1112-15-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1112-16-0x00000000034C0000-0x000000000392A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/1112-25-0x00000000034C0000-0x000000000392A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2176-18-0x0000000001A60000-0x0000000001B72000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2176-17-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2176-26-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download