Overview

overview

7

Static

static

3

3fe6dd9148...11.exe

windows7-x64

7

3fe6dd9148...11.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    21-11-2024 14:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3fe6dd9148152f40c8f0b10d6cfa1a38f24d3bc4f5abf39f9dda7aad0504c311.exe

  • Size

    13.8MB

  • MD5

    ef2f305cb9eac9cd6590597654c2006b

  • SHA1

    675c15b414949e061ffbb0d498ea37afe7a71251

  • SHA256

    3fe6dd9148152f40c8f0b10d6cfa1a38f24d3bc4f5abf39f9dda7aad0504c311

  • SHA512

    5896336e2e992bdf71bdf1582601727dc794842e6072085ff56e46c5a774c01845a5070061fbb8ef33fdb64145e76ecb268f9434b7969438678838f0755f5349

  • SSDEEP

    393216:1kQW8J6I1KopqCiK1piXLGVE6BDBvXsekBMqY7L:1kQW8JYMDiXHODBv5kkL

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3fe6dd9148152f40c8f0b10d6cfa1a38f24d3bc4f5abf39f9dda7aad0504c311.exe
    "C:\Users\Admin\AppData\Local\Temp\3fe6dd9148152f40c8f0b10d6cfa1a38f24d3bc4f5abf39f9dda7aad0504c311.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Users\Admin\AppData\Local\Temp\3fe6dd9148152f40c8f0b10d6cfa1a38f24d3bc4f5abf39f9dda7aad0504c311.exe
      "C:\Users\Admin\AppData\Local\Temp\3fe6dd9148152f40c8f0b10d6cfa1a38f24d3bc4f5abf39f9dda7aad0504c311.exe"
      2⤵
      • Loads dropped DLL
      PID:2028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI21802\python313.dll
    Filesize

    1.8MB

    MD5

    d51abec0640590480bd6c20f276c06cf

    SHA1

    ee3e1e6b8cb439d073b43d855566ff915881d896

    SHA256

    3ad2cd6eb86c3bfbb90450dfe3e894618f59999fcb87432bd0d1424e38382d4c

    SHA512

    1819505c360b2fd69ea6377c2a9fdc0d690a840077dbb3de5d63239adfdfdaeea46eb43884fed32353ef1f8f8d722b49ab1b9a4a9e2c929a1225252563fd1d85

    Download Submit

  • memory/2028-990-0x000007FEF5A10000-0x000007FEF6073000-memory.dmp

    Filesize

    6.4MB

    Download