Overview

overview

7

Static

static

3

e1a5485067...b8.exe

windows7-x64

7

e1a5485067...b8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-03-2024 12:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e1a54850676be5c56132ddfe06ca2bb8.exe

  • Size

    90KB

  • MD5

    e1a54850676be5c56132ddfe06ca2bb8

  • SHA1

    75d34de22decadf94a1563b1f7b52a255dda365c

  • SHA256

    519c50993de9c182b22ff143112ff370e35e6d53876b318e4f98555ca85cacd8

  • SHA512

    27214423eaedafdafb15e7acc95386707b3ba767571ff4fc79ae608b88f7f68e965c08944317c51f8385f94acb78038413085b5a738b4d45876ff77af12091cd

  • SSDEEP

    1536:VdOMPab2dNb7weQNq+W0cpdOHWR/cgjQq62DjF63tLSeJculRcgIaui:vO3KNbyVcpdOo/ykFmtLSe1lqMZ

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e1a54850676be5c56132ddfe06ca2bb8.exe
    "C:\Users\Admin\AppData\Local\Temp\e1a54850676be5c56132ddfe06ca2bb8.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4952
    • C:\Users\Admin\AppData\Local\Temp\e1a54850676be5c56132ddfe06ca2bb8.exe
      C:\Users\Admin\AppData\Local\Temp\e1a54850676be5c56132ddfe06ca2bb8.exe
      2⤵
        PID:624
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 228
          3⤵
          • Program crash
          PID:3556
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 624 -ip 624
      1⤵
        PID:3320

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/624-0-0x0000000000400000-0x000000000040D000-memory.dmp

        Filesize

        52KB

        Download

      • memory/624-2-0x0000000000400000-0x000000000040D000-memory.dmp

        Filesize

        52KB

        Download

      • memory/624-3-0x0000000000400000-0x000000000040D000-memory.dmp

        Filesize

        52KB

        Download