Overview

overview

7

Static

static

7

2db88a1400...18.exe

windows10-1703-x64

7

2db88a1400...18.exe

windows7-x64

7

2db88a1400...18.exe

windows10-2004-x64

7

2db88a1400...18.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    146s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    07/08/2024, 03:09

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2db88a14007d18ceed35fcfdc1b4da18.exe

  • Size

    5.5MB

  • MD5

    2db88a14007d18ceed35fcfdc1b4da18

  • SHA1

    f0562ae6ddd4f1669ed539f0d54c3090e55d0c2f

  • SHA256

    0b28025eba906e6176bcd2be58e647beebc92680d1c8e9507662a245bab61803

  • SHA512

    4509e75eb8c3cc8d3bdea2ae463ad439a148f85e5c37586b8bf59dbd6abfd09f749dc094a5b010f0dcb407bbed3b9b5e214f95e3d4f0e5045454051853730236

  • SSDEEP

    98304:qkC+0NVtBmFNjuzk9GpGz/xh5iAF/7zMMYs1YdnMUfSnFlUU2Y8t:qkC+SVt0koI6/xPiAR7hYs1Ylf2IRY8t

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2db88a14007d18ceed35fcfdc1b4da18.exe
    "C:\Users\Admin\AppData\Local\Temp\2db88a14007d18ceed35fcfdc1b4da18.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:1928

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1928-0-0x00007FF625AFF000-0x00007FF625E6D000-memory.dmp

          Filesize

          3.4MB

          Download

        • memory/1928-1-0x00007FFFD8DB0000-0x00007FFFD8DB2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1928-2-0x00007FFFD8DC0000-0x00007FFFD8DC2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1928-3-0x00007FF625AF0000-0x00007FF6263BA000-memory.dmp

          Filesize

          8.8MB

          Download

        • memory/1928-12-0x0000000180000000-0x0000000180034000-memory.dmp

          Filesize

          208KB

          Download

        • memory/1928-8-0x0000000180000000-0x0000000180034000-memory.dmp

          Filesize

          208KB

          Download

        • memory/1928-14-0x00007FF625AF0000-0x00007FF6263BA000-memory.dmp

          Filesize

          8.8MB

          Download

        • memory/1928-17-0x00007FF625AFF000-0x00007FF625E6D000-memory.dmp

          Filesize

          3.4MB

          Download

        • memory/1928-18-0x0000000180000000-0x0000000180034000-memory.dmp

          Filesize

          208KB

          Download