Overview

overview

7

Static

static

7

d43abf6676...14.exe

windows7-x64

7

d43abf6676...14.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-03-2024 18:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d43abf6676c3a06973957c2e2e4e3e14.exe

  • Size

    2.7MB

  • MD5

    d43abf6676c3a06973957c2e2e4e3e14

  • SHA1

    aa402485a3f036f21665cb5a12fd2b8896f52a35

  • SHA256

    93d21bedee91db96075be2f95d64c42ad7070eb6e6967f4037b068e8ddc76202

  • SHA512

    c5585b90cd5e2a9cec920197d756461916520905d3e41034cf4c1549ebe9a9596256b5d89297411622d26caefc594e4f0bba32e21cbf418580f1a3b153e1046c

  • SSDEEP

    49152:s/jAkR5xJolkAjn5/dpIhGR9LA229nRNePftMjjgUfM3hvquoRv4R9j:s/LPJsj5/rIAHL96EPCvtfsJyv4Hj

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d43abf6676c3a06973957c2e2e4e3e14.exe
    "C:\Users\Admin\AppData\Local\Temp\d43abf6676c3a06973957c2e2e4e3e14.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4744
    • C:\Users\Admin\AppData\Local\Temp\d43abf6676c3a06973957c2e2e4e3e14.exe
      C:\Users\Admin\AppData\Local\Temp\d43abf6676c3a06973957c2e2e4e3e14.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\d43abf6676c3a06973957c2e2e4e3e14.exe
    Filesize

    2.7MB

    MD5

    4df02f79f270f0627e698fe424b97ddf

    SHA1

    1585deb5e3692ac5cd15966860a0f4f3a4de166a

    SHA256

    49348de7ba1047542fd90a16528d380a8802af4d497dbb25b2413fc83bb00de0

    SHA512

    3f483a62d3b5bc2008450089bd456addd81bc4ae6e187daa10b0522188c0da4ea8f7ec35017e12e4b2740be2c898d75dc8fb9a52a72def4b1a37839fbe3212bc

    Download Submit

  • memory/3932-13-0x0000000001D10000-0x0000000001E41000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/3932-14-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3932-16-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/3932-21-0x0000000005600000-0x0000000005822000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3932-20-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3932-28-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/4744-0-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/4744-1-0x00000000018F0000-0x0000000001A21000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4744-2-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4744-12-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

    Download