Overview

overview

7

Static

static

3

a6f86e1af1...0N.exe

windows7-x64

7

a6f86e1af1...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    26-07-2024 08:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a6f86e1af16ab6dc5bb0824b79d4a1d0N.exe

  • Size

    24KB

  • MD5

    a6f86e1af16ab6dc5bb0824b79d4a1d0

  • SHA1

    c617b7c8e0a4e2c3587f2ee89da0be8d655443f9

  • SHA256

    d49b7c53b9493f64813aa78dc69f907920a2151193b9914efe3274db8301b641

  • SHA512

    3b60a1bf501b0d837dd2729164064f8759027f211fe6fc9475a65792bdffdb6b0a679397a94199c363e0af9946024fed8f9f6f7a3820649cee36b014ce540990

  • SSDEEP

    768:ErznmMeTddsf9F7Rj8tXQ8vGIDflLLdlBF+pbb8:EfmrTdGu5Zv/f5m8

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a6f86e1af16ab6dc5bb0824b79d4a1d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a6f86e1af16ab6dc5bb0824b79d4a1d0N.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    PID:1600
    • C:\Windows\SysWOW64\rmass.exe
      "C:\Windows\system32\rmass.exe"
      2⤵
      • Executes dropped EXE
      PID:2064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\rmass.exe
    Filesize

    20KB

    MD5

    8c9495ff3e155e3e96c5ff492f81af1f

    SHA1

    7912796f51b63f80685d01ae609680e9071f841e

    SHA256

    5cacdac931bc0937a2eabf60c36a30ae9914e3301ba5a71b6c65fd80bbdebc56

    SHA512

    51ea5c4c0b832e76b7e4af3692260cc3f7f85b1b57936d08984bcda40a743d986584469d80916b7e02e6e19ad0c1d6640aa7b9252520434834c5791385f2b1d3

    Download Submit

  • memory/1600-7-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1600-4-0x0000000000020000-0x0000000000031000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2064-6-0x0000000000400000-0x0000000000411000-memory.dmp

    Filesize

    68KB

    Download