Overview

overview

10

Static

static

3

senex-paid...ED.exe

windows7-x64

7

senex-paid...ED.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    20-12-2024 13:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    senex-paid-UPDATED.exe

  • Size

    9.5MB

  • MD5

    6ecfc5d42916d5b53d00b9e148436bc3

  • SHA1

    f85dbed39900cef8125e946fd4a51da2efe7be04

  • SHA256

    c12d6ec3eb6e1967751332d8f19fd63f9115c39152497a61582323a067773d6a

  • SHA512

    8ee1711cab24013fb8064287b005ff2cd51cfac9585e86295b989d4bb3265fb77d272f8f23327e53dd2356ac32601f32fa7e56a1df0b8efa22f414e697453f58

  • SSDEEP

    196608:cArNeCxfbaX8iiis4hTJURfdeN0YFJMIDJ+gsAGKpRz6QOm5n82ygTdF:HJ7zaXZscJ6fGnFqy+gsizF1r

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\senex-paid-UPDATED.exe
    "C:\Users\Admin\AppData\Local\Temp\senex-paid-UPDATED.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Users\Admin\AppData\Local\Temp\senex-paid-UPDATED.exe
      "C:\Users\Admin\AppData\Local\Temp\senex-paid-UPDATED.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      PID:2852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI22082\python310.dll
    Filesize

    1.4MB

    MD5

    196deb9a74e6e9e242f04008ea80f7d3

    SHA1

    a54373ebad306f3e6f585bcdf1544fbdcf9c0386

    SHA256

    20b004bfe69166c4961fee93163e795746df39fb31dc67399c0fde57f551eb75

    SHA512

    8c226d3ef21f3ddeee14a098c60ef030fa78590e9505d015ce63ea5e5bbcea2e105ff818e94653df1bddc9ba6ed3b376a1dff5c19266b623fa22cd75ac263b68

    Download Submit

  • memory/2852-48-0x000007FEF6430000-0x000007FEF689E000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2852-49-0x000007FEF6430000-0x000007FEF689E000-memory.dmp

    Filesize

    4.4MB

    Download