d998e7271a4c9d583e4bee46ad58e0c0e49db2b935adf6920e07f470c113ce01 | Triage

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 03:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

55988f8eb6cd9b4cbc3d465ba93d2870N.exe
Size

59KB
MD5

55988f8eb6cd9b4cbc3d465ba93d2870
SHA1

ff5c2ac20d03a9f5ef5579e036af5c48fd74a4c1
SHA256

d998e7271a4c9d583e4bee46ad58e0c0e49db2b935adf6920e07f470c113ce01
SHA512

08f2ab1ac19605c6edfed734bbb22258c3cddc608c4e1d38e13f7c77a773e7ba3c84eea22367d9c14f3f907f5f0d36bdb4fdca4ce957adf1c4835ef3697d7cfa
SSDEEP

1536:h+U3y6vV/YTE7CbP52LBOWbaBtG9B0bhJ:sU3y6VV7CwByrYB0X

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1984-0-0x000000013FF60000-0x000000013FF89000-memory.dmp	upx
behavioral1/memory/1984-2-0x000000013FF60000-0x000000013FF89000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 1696	1984	55988f8eb6cd9b4cbc3d465ba93d2870N.exe	31
PID 1984 wrote to memory of 1696	1984	55988f8eb6cd9b4cbc3d465ba93d2870N.exe	31
PID 1984 wrote to memory of 1696	1984	55988f8eb6cd9b4cbc3d465ba93d2870N.exe	31

C:\Users\Admin\AppData\Local\Temp\55988f8eb6cd9b4cbc3d465ba93d2870N.exe
"C:\Users\Admin\AppData\Local\Temp\55988f8eb6cd9b4cbc3d465ba93d2870N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\services.exe" --daemonized
  2⤵
  PID:1696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1984-0-0x000000013FF60000-0x000000013FF89000-memory.dmp

Filesize
164KB

Download
memory/1984-2-0x000000013FF60000-0x000000013FF89000-memory.dmp

Filesize
164KB

Download