Overview

overview

10

Static

static

10

malware.exe

windows7-x64

7

malware.exe

windows10-2004-x64

9

Resubmissions

02-01-2025 14:41

250102-r2pmqavqf1 10

02-01-2025 14:36

250102-ryvdssyjam 10

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    02-01-2025 14:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    malware.exe

  • Size

    74.7MB

  • MD5

    7d60377131a89d5a04bb4e7d9ea1d34c

  • SHA1

    447403e3a5e282549268a1aab274a692f093c8c9

  • SHA256

    90a304e19ad39cd162f6350b83b58a72be636b49b358cbbd4d000a4b2b0c11e7

  • SHA512

    31471afa22d063b238d1f17c680d5c86e406a8f0f48375ab161e5225a56f8ca41b7d4d7d51fd0b605a906eeea47240b0eb2e7f5c7408ef2b96c397a3af1ac8d8

  • SSDEEP

    1572864:rVjlaWaDuSk8IpG7V+VPhqYdflJDgxolhBiYweyJulZUdg2rUWeEaqZ9UW:BAZuSkB05awcflhgxoLGpuSrZ9U

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\malware.exe
    "C:\Users\Admin\AppData\Local\Temp\malware.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1980
    • C:\Users\Admin\AppData\Local\Temp\malware.exe
      "C:\Users\Admin\AppData\Local\Temp\malware.exe"
      2⤵
      • Loads dropped DLL
      PID:1480
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:1060

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_MEI19802\python312.dll
      Filesize

      1.7MB

      MD5

      73ecc8d4decf6f198d6505bde482e37a

      SHA1

      ed30f5bd628b4a5de079062ea9b909b99807021c

      SHA256

      b598545be6c99f7db852a510768ecf80ed353fad3989af342bc6faf66fd64648

      SHA512

      56923c477d35680aed73980e0404768f841da868ca11f39888caff0fc06f4ae906551b4bd47f98dda2cc2d81ea9eed17fa7c17aa59d4d7c37510ba24d7ac5976

      Download Submit

    • memory/1480-1263-0x000007FEF6320000-0x000007FEF69E5000-memory.dmp

      Filesize

      6.8MB

      Download