Overview

overview

10

Static

static

10

IMG_LOG.exe

windows7-x64

7

IMG_LOG.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    7s
  • max time network
    1s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    03-05-2024 08:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    IMG_LOG.exe

  • Size

    80.7MB

  • MD5

    080ca9739a359c6b527029f3f31e5b95

  • SHA1

    6601b6e62b827e88237ef0c26e82f484ce7ac4f3

  • SHA256

    20c6b1329575f386272ed3a2eaa51e22a16d680c1da9b6e47d43dbdb078c0bac

  • SHA512

    d084c15f8f0301fe1e14ec8f41d8483e5dd1131e14ba47091c7954ecfee7907195158e7bd02634d104782aa91deef0596a88e895cd0f7f3bf67d92356620bb40

  • SSDEEP

    1572864:2vNBYQ3jZPJSk8IpG7V+VPhq+EE70jC9iYgj+h58sMwoWH9/6L4cJzqA:2vNBY+5JSkB05aw+OuH58S9/yfq

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\IMG_LOG.exe
    "C:\Users\Admin\AppData\Local\Temp\IMG_LOG.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1936
    • C:\Users\Admin\AppData\Local\Temp\IMG_LOG.exe
      "C:\Users\Admin\AppData\Local\Temp\IMG_LOG.exe"
      2⤵
      • Loads dropped DLL
      PID:2380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI19362\python311.dll
    Filesize

    1.6MB

    MD5

    5792adeab1e4414e0129ce7a228eb8b8

    SHA1

    e9f022e687b6d88d20ee96d9509f82e916b9ee8c

    SHA256

    7e1370058177d78a415b7ed113cc15472974440d84267fc44cdc5729535e3967

    SHA512

    c8298b5780a2a5eebed070ac296eda6902b0cac9fda7bb70e21f482d6693d6d2631ca1ac4be96b75ac0dd50c9ca35be5d0aca9c4586ba7e58021edccd482958b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI19362\ucrtbase.dll
    Filesize

    1.1MB

    MD5

    56c350293b27d61410f9d212f6f4b8f3

    SHA1

    4b11908f434e2eb1b253d0023660381b349eb09a

    SHA256

    b30c5de351714e033b9e835158f008c96f17e492a85bfb1bddb3424d286b59fc

    SHA512

    3281e85a741e73f134289b5cae5304b5f236117d605b98987a25251ea4cc1bc37718765485892f0163c4496f5ebd2290e23989573aea84f1537441dd33cb711b

    Download Submit

  • memory/2380-1275-0x000007FEF5E10000-0x000007FEF63F9000-memory.dmp

    Filesize

    5.9MB

    Download