Overview

overview

7

Static

static

7

cd71e909a1...44.exe

windows7-x64

7

cd71e909a1...44.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    16/03/2024, 07:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    cd71e909a17b5f78918699dd967cbb44.exe

  • Size

    56KB

  • MD5

    cd71e909a17b5f78918699dd967cbb44

  • SHA1

    742148834a40874bfa5acc1c7ddd6a078b466008

  • SHA256

    0b012c8f3973101ec3cf777f4f5b4f09d8f11dec33e505b2f5ce0c8dda40eb2a

  • SHA512

    a09ca0efaf1d6e82f781f98a2d98de66aa695cbc3fdb7d736f8e0f0b66bd5c7554bcddca5341accd46eee5d00be33f93d15aa64ea2db6f4bda8cd9ae43d8c518

  • SSDEEP

    1536:3KMXRwkeqMPM1Z20NSPAHcympHWCZ/VReYf2StVnEfGj:3Ku7fYPA8ymgCZ/CYfTVIG

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cd71e909a17b5f78918699dd967cbb44.exe
    "C:\Users\Admin\AppData\Local\Temp\cd71e909a17b5f78918699dd967cbb44.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Users\Admin\AppData\Local\Temp\cd71e909a17b5f78918699dd967cbb44.exe
      C:\Users\Admin\AppData\Local\Temp\cd71e909a17b5f78918699dd967cbb44.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2372

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\cd71e909a17b5f78918699dd967cbb44.exe
          Filesize

          56KB

          MD5

          a7de517261f2f972f3d995838283c9b8

          SHA1

          a6ee9fd805c7512cb478123a9c38d034ed718567

          SHA256

          54b0bb49f754bcddcc0aa131a106ed7857e6b2b22cf375e2ad43eefb61ed348f

          SHA512

          5b75201184f376bde9b96aa9c613a24ec73bfa8a1e7084ac9d8c7544a275140ce67cc343517151e984d9772a1356f78e88c60f15d979abced82853b211c64b3d

          Download Submit

        • memory/2220-0-0x0000000000400000-0x000000000043A000-memory.dmp

          Filesize

          232KB

          Download

        • memory/2220-1-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2220-9-0x0000000000030000-0x000000000003E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/2220-16-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2372-17-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2372-15-0x0000000000400000-0x000000000043A000-memory.dmp

          Filesize

          232KB

          Download

        • memory/2372-18-0x0000000000030000-0x000000000003E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/2372-23-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/2372-28-0x0000000000170000-0x000000000018B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2372-29-0x0000000000400000-0x000000000043A000-memory.dmp

          Filesize

          232KB

          Download