cfc1155f576b0a19d0751b0ae796e7db156ebc7ee8bfa38a735d6856351e2336 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-09-2024 18:24

Sharing

Report Analysis Logs

General

Target

加班调休政策更新通知.exe
Size

232KB
MD5

02fa9a069efdeb0c61592366bb656c6a
SHA1

1d48f2d485f63d78012050616f1cb76a6688fdf9
SHA256

1ef89f1692f66fda6ec4eea2ac7304e9c7f7cb280ccddbdc1f33a68cf2fe10e3
SHA512

1bcda0da4b5df387f793f4ee7b2c30f50ed203422fbba5bbd773eae3cc6026e778509c4da4b1d33239cad151c011331129db6cae514e969a5ca5bf070c9d0e8d
SSDEEP

768:hEzEj8kHiepqugnvnpIFDTs58MJtozOqD4xfr9lKVkE1us+yL:hEA7iepvg8U53/42rjf0uUL

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral7/memory/2892-0-0x0000000000400000-0x0000000000476000-memory.dmp	upx
behavioral7/memory/2892-1-0x0000000000400000-0x0000000000476000-memory.dmp	upx
behavioral7/memory/2892-3-0x0000000000400000-0x0000000000476000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\加班调休政策更新通知.exe
"C:\Users\Admin\AppData\Local\Temp\加班调休政策更新通知.exe"
1⤵
PID:2892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2892-0-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download
memory/2892-1-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download
memory/2892-3-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download