Overview

overview

10

Static

static

10

Files/0018...8a.exe

windows7-x64

10

Files/0018...8a.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Files/059c...6b.exe

windows7-x64

3

Files/059c...6b.exe

windows10-2004-x64

3

Files/0761...50.exe

windows7-x64

5

Files/0761...50.exe

windows10-2004-x64

5

Files/0b4a...e6.exe

windows7-x64

10

Files/0b4a...e6.exe

windows10-2004-x64

10

Files/0c10...54.rtf

windows7-x64

8

Files/0c10...54.rtf

windows10-2004-x64

1

Files/0dc6...d8.exe

windows7-x64

7

Files/0dc6...d8.exe

windows10-2004-x64

7

Files/0def...d1.exe

windows7-x64

5

Files/0def...d1.exe

windows10-2004-x64

7

Files/0f64...5d.exe

windows7-x64

10

Files/0f64...5d.exe

windows10-2004-x64

10

Files/0fe5...05.exe

windows7-x64

10

Files/0fe5...05.exe

windows10-2004-x64

10

Files/1150...16.exe

windows7-x64

8

Files/1150...16.exe

windows10-2004-x64

10

Files/11c8...ba.exe

windows7-x64

10

Files/11c8...ba.exe

windows10-2004-x64

10

Files/15e3...5e.exe

windows7-x64

8

Files/15e3...5e.exe

windows10-2004-x64

8

Files/1ca4...74.exe

windows7-x64

10

Files/1ca4...74.exe

windows10-2004-x64

10

Files/1dc7...d8.exe

windows7-x64

5

Files/1dc7...d8.exe

windows10-2004-x64

5

Files/1fb0...c1.exe

windows7-x64

3

Files/1fb0...c1.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    60s
  • max time network
    65s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/03/2025, 05:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Files/1dc75c16bf526f435cbdf05c73df57040791b7809d64e158b0b66565e444b3d8.exe

  • Size

    121KB

  • MD5

    cfb23e22eacdf2343fc0f792b49b55c9

  • SHA1

    5bb717295c8bd95f81b840257b39e0957e967e5a

  • SHA256

    1dc75c16bf526f435cbdf05c73df57040791b7809d64e158b0b66565e444b3d8

  • SHA512

    c283d7c9f175f5ca8215ae394bf1938e80feb8e0e50e280ce0903f4fe59560553ac32ca28924f84430d889ef19c44a0db88cc3e74750bfbbd2fbb0209ef2fbf7

  • SSDEEP

    3072:PrYgvm0rkfpICpDsZipXW7SSJz6OFHO8UnXRZrZG:PEgvm0gpGgXuJdJAB

Score
5/10
discoveryupx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of UnmapMainImage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Files\1dc75c16bf526f435cbdf05c73df57040791b7809d64e158b0b66565e444b3d8.exe
    "C:\Users\Admin\AppData\Local\Temp\Files\1dc75c16bf526f435cbdf05c73df57040791b7809d64e158b0b66565e444b3d8.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of UnmapMainImage
    PID:3456
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 224
      2⤵
      • Program crash
      PID:3684
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3456 -ip 3456
    1⤵
      PID:1768

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3456-0-0x0000000000400000-0x0000000000433000-memory.dmp

      Filesize

      204KB

      Download

    • memory/3456-2-0x00000000001D0000-0x00000000001ED000-memory.dmp

      Filesize

      116KB

      Download

    • memory/3456-1-0x00000000001C0000-0x00000000001CA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/3456-4-0x00000000001D0000-0x00000000001ED000-memory.dmp

      Filesize

      116KB

      Download

    • memory/3456-3-0x0000000000400000-0x000000000041D000-memory.dmp

      Filesize

      116KB

      Download