Overview

overview

7

Static

static

3

e12803834b...35.exe

windows7-x64

7

e12803834b...35.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27/03/2024, 07:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e12803834b0de15493dfae9ab8ef4e35.exe

  • Size

    4.1MB

  • MD5

    e12803834b0de15493dfae9ab8ef4e35

  • SHA1

    215ac6a8503ed9c0f51dd15a3ca50c6fce539887

  • SHA256

    0086810e7f608b7a2547362fc2bd933b708bbd3ffc15e109d58e0c457248b171

  • SHA512

    403a11e883372d8e12e8910c4f4a3d08bb6619cdf70aa62a40d8d5fb5eb892c623fb0b5b2765129567e3b99c79eac4b9607b66e0bc45ba2bdd05549b6014143d

  • SSDEEP

    98304:8ULgBGkUS2LVt7L7pOR2QatuPJoQCYsmykBeAbRH/2:8ULoxCnPcxatuPpCYsmykBeAb92

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e12803834b0de15493dfae9ab8ef4e35.exe
    "C:\Users\Admin\AppData\Local\Temp\e12803834b0de15493dfae9ab8ef4e35.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2744
    • C:\Users\Admin\AppData\Local\Temp\SETUP_32322\Setup.exe
      C:\Users\Admin\AppData\Local\Temp\SETUP_32322\Setup.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\SETUP_32322\Modern_Setup.bmp
    Filesize

    149KB

    MD5

    ded1d8db477cc655b17e16c6fe989707

    SHA1

    e48613ed98876b022460f629971c941ad3100f78

    SHA256

    7a5d14d64ef24cdf895f947700f6e8444940c3cf5b23e868f2b3a14f0fe14206

    SHA512

    3efc3d0d2bce3f5b2c9d74d1e5dee275e6bc8098e4e805ad67c57e3567c888fcd5865cee517f52419a8dd587383d51c385647873fbd025a0781e4371dba60be2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\SETUP_32322\Setup.txt
    Filesize

    22KB

    MD5

    6b9cab9e86f25fabe31520f3f9c48e65

    SHA1

    a8b423c861283fe1983c3d26654439db5ce5d879

    SHA256

    578e349432f7ff2ce9d38c5744a01916fb718322090fef7068c43166cca0e56a

    SHA512

    31bd672c62134e0210a18b2fbdffc5c11676a443eb5b1f4bea5c666b4f59ecf2aabe1f829b873b3a8a0d6ba1562e840a73fc2b74353b543f06a5a5c8f9c8cfc9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\SETUP_32322\Setup.exe
    Filesize

    294KB

    MD5

    4853bae4079d04a3a26361752daba033

    SHA1

    0a5d77601bfeb90c9b414b0d99cf4040878675e4

    SHA256

    b250419de2257cc66d4adfdd36c7bfcd482e4fba5f39e96d8f42865c2b968418

    SHA512

    dcfbc4d09575aa7c5147104a9dc522b299b251b06d86f36062e616568ba238cc55d1349551638ea9a977b279ff398642845f890051f3d02c13475f47fb9b3a6a

    Download Submit

  • memory/2208-813-0x0000000000400000-0x00000000004D4000-memory.dmp

    Filesize

    848KB

    Download

  • memory/2208-818-0x0000000000240000-0x0000000000314000-memory.dmp

    Filesize

    848KB

    Download

  • memory/2208-822-0x0000000000400000-0x00000000004D4000-memory.dmp

    Filesize

    848KB

    Download

  • memory/2744-810-0x0000000002CC0000-0x0000000002D94000-memory.dmp

    Filesize

    848KB

    Download

  • memory/2744-821-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download