Analysis

  • max time kernel
    134s
  • max time network
    135s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    24-05-2024 03:03

General

  • Target

    GiVirusBuilder 1.3.1.exe

  • Size

    213KB

  • MD5

    267f3e8efb022fe788a6dc25b5674c11

  • SHA1

    63e58b3a6f4052ef102009fecfbcce0740913a3b

  • SHA256

    8d4bff39360cbdd7d73a4adbd163ff195339b49752f33fadeb10be5699c7da8e

  • SHA512

    c1c1b0f04c88dad230f6b1638da851827ad58baa76787e954f575c73845c1d61ebc85715ca11b3f3569a8cc7a77d50d0aa7259b5172525337de5b4c6a34c1cc4

  • SSDEEP

    6144:/ghwx4qFbiwtMKohz9fRmF+eEENw8p7Q1LHpoSjocs:/ge+B7KwuXEMwbRpoSEv

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file (2 IoCs)

    Detects executables packed with UPX or a modified build of the UPX open-source packer.

  • Suspicious use of WriteProcessMemory (4 IoCs)
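
The UPX signature above fires on static traits of the file; one common indicator is the section names UPX leaves in the PE section table (UPX0, UPX1, sometimes UPX2). The memory dumps listed further down (0x400000 to 0x44C000, 304KB in memory versus 213KB on disk) are consistent with the packed file expanding at runtime. As an added example, not part of this report and not the sandbox's or the UPX project's own detection code, the Python below walks a PE section table, flags UPX-named sections and computes per-section entropy as a supporting signal. It runs on constructed minimal PE images built by `build_pe` rather than on the real sample; `build_pe`, `upx_indicators` and the sample section contents are this example's own constructions.

```python
import math
import struct

# Section names that UPX, and most lightly modified builds of it, leave in the
# PE section table. Seeing them is the cheapest static indicator of UPX packing.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniform random data."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def section_headers(data: bytes):
    """Walk the PE section table, yielding (name, raw_pointer, raw_size)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt             # first IMAGE_SECTION_HEADER
    for i in range(num_sections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        yield name, raw_ptr, raw_size


def upx_indicators(data: bytes) -> dict:
    """Report UPX-named sections and the highest per-section entropy."""
    upx, max_ent = [], 0.0
    for name, ptr, size in section_headers(data):
        if name in UPX_SECTION_NAMES:
            upx.append(name.decode("ascii"))
        max_ent = max(max_ent, shannon_entropy(data[ptr:ptr + size]))
    return {"packed": bool(upx), "upx_sections": upx, "max_entropy": max_ent}


def build_pe(sections) -> bytes:
    """Assemble a minimal PE image from [(name, payload)] pairs.
    Constructed test input for the parser above; it is not a runnable executable."""
    e_lfanew, size_opt, num = 0x40, 0xE0, len(sections)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, num, 0, 0, 0, size_opt, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (size_opt - 2)   # PE32 magic, rest zero
    ptr = e_lfanew + 4 + 20 + size_opt + 40 * num             # first raw section
    hdrs, blobs = b"", b""
    for name, payload in sections:
        hdrs += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(payload), 0x1000,
                            len(payload), ptr, 0, 0, 0, 0, 0x60000020)
        blobs += payload
        ptr += len(payload)
    return dos + b"PE\0\0" + coff + opt + hdrs + blobs


# Constructed samples: a UPX-style layout (empty UPX0 and a high-entropy UPX1,
# as a compressed body would look) beside a plain unpacked layout.
SAMPLE_PACKED = build_pe([(b"UPX0", b""), (b"UPX1", bytes(range(256)) * 4),
                          (b".rsrc", b"\0" * 64)])
SAMPLE_PLAIN = build_pe([(b".text", b"\x90" * 64 + b"\xc3" * 64), (b".data", b"A" * 100)])

if __name__ == "__main__":
    for label, blob in (("packed", SAMPLE_PACKED), ("plain", SAMPLE_PLAIN)):
        print(label, upx_indicators(blob))
```

Section names are a weak indicator on their own (they are trivially renamed in a modified UPX build), which is why the check also reports entropy: a packed body sits near 8 bits per byte, while ordinary code and data stay well below.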

Processes

  • C:\Users\Admin\AppData\Local\Temp\GiVirusBuilder 1.3.1.exe (depth 1, PID 4500)
    "C:\Users\Admin\AppData\Local\Temp\GiVirusBuilder 1.3.1.exe"
    • Suspicious use of WriteProcessMemory
    • C:\Windows\System32\cmd.exe (depth 2, PID 4512)
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\5D33.tmp\5D34.tmp\5D35.bat "C:\Users\Admin\AppData\Local\Temp\GiVirusBuilder 1.3.1.exe""
      • Suspicious use of WriteProcessMemory
      • C:\Windows\system32\chcp.com (depth 3, PID 408)
        chcp 65001
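
The process tree above shows the sample launching cmd.exe to run a batch file it dropped under its own %TEMP% path, passing its own path as an argument, then switching the console code page to UTF-8 with chcp 65001. `C:\Windows\sysnative\cmd` is the alias a 32-bit process uses under WoW64 to reach the native System32 directory, which is why the resolved image is C:\Windows\System32\cmd.exe. As an added example, not part of this report and not any sandbox's own rule logic, the Python below runs that pattern as a detection over process-creation events and reconstructs a process's parent lineage. The event records are constructed from the PIDs, images and command lines on this page; the explorer.exe parent and its PID, the record field names, and the two extra cmd.exe events added for contrast are assumptions.

```python
import re

# Constructed process-creation events. PIDs 4500, 4512 and 408 mirror the
# sandbox tree on this page; explorer.exe (PID 1200) and the cmd.exe events
# with PIDs 900 and 3100 are assumed, added for contrast.
SAMPLE_EVENTS = [
    {"pid": 1200, "ppid": 800, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 4500, "ppid": 1200, "image": r"C:\Users\Admin\AppData\Local\Temp\GiVirusBuilder 1.3.1.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\GiVirusBuilder 1.3.1.exe"'},
    {"pid": 4512, "ppid": 4500, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\5D33.tmp\5D34.tmp\5D35.bat "C:\Users\Admin\AppData\Local\Temp\GiVirusBuilder 1.3.1.exe""'},
    {"pid": 408, "ppid": 4512, "image": r"C:\Windows\system32\chcp.com", "cmdline": "chcp 65001"},
    # benign-looking: a vendor script outside %TEMP%, spawned from the shell
    {"pid": 900, "ppid": 1200, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'"C:\Windows\System32\cmd.exe" /c "C:\Program Files\Vendor\update.bat"'},
    # suspicious but weaker: a %TEMP% script run by the user from explorer.exe
    {"pid": 3100, "ppid": 1200, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'"C:\Windows\System32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\setup.bat"'},
]

TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
# First drive-rooted path ending in .bat that does not cross a quote character.
BAT_PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.bat)\b', re.IGNORECASE)
CMD_SWITCH_RE = re.compile(r"\s/[ck]\s", re.IGNORECASE)


def flag_temp_batch_launches(events):
    """Flag cmd.exe processes that execute a .bat from a user's %TEMP%.

    Each hit records the script path and whether the parent image also lives
    in %TEMP%, the dropper-runs-its-own-script shape seen in the tree above."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if not e["image"].lower().endswith("\\cmd.exe"):
            continue
        if not CMD_SWITCH_RE.search(e["cmdline"]):
            continue
        m = BAT_PATH_RE.search(e["cmdline"])
        if not m or not TEMP_RE.search(m.group(1)):
            continue
        parent = by_pid.get(e["ppid"])
        hits.append({
            "pid": e["pid"],
            "ppid": e["ppid"],
            "bat": m.group(1),
            "parent_in_temp": bool(parent and TEMP_RE.search(parent["image"])),
        })
    return hits


def lineage(events, pid):
    """Follow ppid links upward and return the chain of image paths, root first."""
    by_pid = {e["pid"]: e for e in events}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:   # seen guards against PID reuse loops
        seen.add(pid)
        chain.append(by_pid[pid]["image"])
        pid = by_pid[pid]["ppid"]
    return list(reversed(chain))


if __name__ == "__main__":
    for hit in flag_temp_batch_launches(SAMPLE_EVENTS):
        print(hit)
    print(" -> ".join(lineage(SAMPLE_EVENTS, 408)))
```

Both %TEMP% launches are reported, but only PID 4512 carries `parent_in_temp`, the stronger signal: a user double-clicking a downloaded script (PID 3100) looks different from an executable in %TEMP% that writes a script next to itself and runs it.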

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5D33.tmp\5D34.tmp\5D35.bat

    Filesize

    137KB

    MD5

    eed61e44ae54dc807011351c026688aa

    SHA1

    07502ac5bbd086ce5feb209cdc15c95530bdd01f

    SHA256

    7fb61b7263b95f436db0ca5a058bc7b68ed286c83a5ad111e50bd83263033a29

    SHA512

    5c1a3bb1d8f402403c2b40cbdba51251167cd4b90937e48dccd4f0270df895957a097ff7493ce7f9e190b6c1b78e2e9161a83ec1dc83a9c34c15cbdc60ac8fdf

  • memory/4500-0-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

  • memory/4500-3-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB