3c6c06f013424126e088648544574316f94d2f19f77399edc189a3a1b88ebfba | Triage

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 07:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

visualizar.exe
Size

35KB
MD5

1aa27c9ca3ff746fb669b1878d2cda95
SHA1

cff2a08b6f9645b20d1f24a9f2fbf04711eb4b87
SHA256

efbeb2b828fbf9ed8130e42caa6e6afdf50df30c320fb426cb63acc65ded5989
SHA512

9797630bcf2e0f974d55e19ba84a16f848f39859f0e4898dcd6af154d6eae69afac0933a2a095a615324e74a5eafcefa681b4ea464e4180922668bf882d3ef18
SSDEEP

768:/3oTO5+WxtAMLZpZmnABdRmUV/ckDUsiYeQJw:/YTO5tR3JBdRzRckJJ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3012-0-0x0000000000400000-0x0000000000419000-memory.dmp	upx
behavioral1/memory/3012-3-0x0000000000400000-0x0000000000419000-memory.dmp	upx
behavioral1/memory/3012-6-0x0000000000400000-0x0000000000419000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3012	visualizar.exe

C:\Users\Admin\AppData\Local\Temp\visualizar.exe
"C:\Users\Admin\AppData\Local\Temp\visualizar.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3012-0-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/3012-3-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/3012-6-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download