Overview

overview

7

Static

static

7

de2cf00252...05.exe

windows7-x64

7

de2cf00252...05.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    25-03-2024 13:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    de2cf002522a027f8c3131f37e519e05.exe

  • Size

    115KB

  • MD5

    de2cf002522a027f8c3131f37e519e05

  • SHA1

    d94015451051ab9c9f2e7bec8d5d0349368ccad6

  • SHA256

    7070d40aa507c62ba33b4e38302e3720f8b3b3d9085bb5047da64a513fe3dda9

  • SHA512

    dbf52a4c370e0f9c8cae806827aa573bf9ab7fb8bf3c6c60ce3bfbff65831741f9141a6583192fcaaf114867a8a9c1f06208cb80648d179071f4c6eff9842a17

  • SSDEEP

    3072:+veLkJ9VNegzClL+B98NMIRNq0R43lR3iZ/fXQJIDb2:+Y0HoYGSiqy43lYJfXsIb

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\de2cf002522a027f8c3131f37e519e05.exe
    "C:\Users\Admin\AppData\Local\Temp\de2cf002522a027f8c3131f37e519e05.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\Users\Admin\AppData\Local\Temp\de2cf002522a027f8c3131f37e519e05.exe
      C:\Users\Admin\AppData\Local\Temp\de2cf002522a027f8c3131f37e519e05.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\de2cf002522a027f8c3131f37e519e05.exe
    Filesize

    115KB

    MD5

    d97d55f44d436f6b48286095d2f60f0c

    SHA1

    06cdf1e76d7eb804f034efe5bc519b13ef4509b2

    SHA256

    635c37c3966ff32002e024fcb7f6cdce410fd108eec419aa94d56f1a0655c4cd

    SHA512

    b7fb60550a8d8e25052dd25a850e17be82c7d9ef725cc1e1dd5f238c10c702ee156c2c21862d56ee255323764554daf689f37e477f35d06d1c0d403b91d60524

    Download Submit

  • memory/2796-18-0x0000000000400000-0x0000000000475000-memory.dmp

    Filesize

    468KB

    Download

  • memory/2796-19-0x00000000001D0000-0x00000000001ED000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2796-25-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2796-30-0x00000000001F0000-0x000000000020D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2796-31-0x0000000000400000-0x0000000000475000-memory.dmp

    Filesize

    468KB

    Download

  • memory/2876-0-0x0000000000400000-0x0000000000475000-memory.dmp

    Filesize

    468KB

    Download

  • memory/2876-1-0x0000000000400000-0x000000000041D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2876-8-0x0000000000140000-0x000000000015D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2876-15-0x0000000000400000-0x000000000041D000-memory.dmp

    Filesize

    116KB

    Download