9d2c845c497b734d8cfa74b90cbb1191fc25de53652c8b4d510a23cca75dfba7

Analysis

max time kernel
600s
max time network
366s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14-10-2023 11:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IM00114PRES.exe
Size

12.0MB
MD5

0788c6ffcf438e660909c108c60984d4
SHA1

e36b267a952dbc7f3d2dc09cb087a44af43a5ae3
SHA256

9d2c845c497b734d8cfa74b90cbb1191fc25de53652c8b4d510a23cca75dfba7
SHA512

1590776a8f40ef600624e01fee8d74823793dfec059bb8fd3099629b31b5a2e189708ee298243e90ac44e27c43078ed4291a652434e003761f9dd3dcf627b69d
SSDEEP

49152:NFZaH72h213UhRjvtw2WvwMwB9ydpyn4ewRcuBaHaK0NyqZm8NPnroNygC8aCOku:NFH21

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2620-32-0x0000000013140000-0x0000000014A74000-memory.dmp	upx

Suspicious use of WriteProcessMemory 16 IoCs

Processes:

IM00114PRES.exeIM00114PRES.exe

description	pid	Process	procid_target
PID 1196 wrote to memory of 2620	1196	IM00114PRES.exe	30
PID 1196 wrote to memory of 2620	1196	IM00114PRES.exe	30
PID 1196 wrote to memory of 2620	1196	IM00114PRES.exe	30
PID 1196 wrote to memory of 2620	1196	IM00114PRES.exe	30
PID 1196 wrote to memory of 2780	1196	IM00114PRES.exe	31
PID 1196 wrote to memory of 2780	1196	IM00114PRES.exe	31
PID 1196 wrote to memory of 2780	1196	IM00114PRES.exe	31
PID 1196 wrote to memory of 2780	1196	IM00114PRES.exe	31
PID 1196 wrote to memory of 2620	1196	IM00114PRES.exe	30
PID 1196 wrote to memory of 2620	1196	IM00114PRES.exe	30
PID 2780 wrote to memory of 1632	2780	IM00114PRES.exe	32
PID 2780 wrote to memory of 1632	2780	IM00114PRES.exe	32
PID 2780 wrote to memory of 1632	2780	IM00114PRES.exe	32
PID 2780 wrote to memory of 1632	2780	IM00114PRES.exe	32
PID 2780 wrote to memory of 1632	2780	IM00114PRES.exe	32
PID 2780 wrote to memory of 1632	2780	IM00114PRES.exe	32

C:\Users\Admin\AppData\Local\Temp\IM00114PRES.exe
"C:\Users\Admin\AppData\Local\Temp\IM00114PRES.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1196
- C:\windows\syswow64\msinfo32.exe
  C:\windows\syswow64\msinfo32.exe
  2⤵
  PID:2620
- C:\Users\Admin\AppData\Local\Temp\IM00114PRES.exe
  C:\Users\Admin\AppData\Local\Temp\IM00114PRES.exe CMKAUWWWWWWA
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2780
- - C:\windows\syswow64\msinfo32.exe
    C:\windows\syswow64\msinfo32.exe
    3⤵
    PID:1632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1196-33-0x0000000000400000-0x0000000001002000-memory.dmp

Filesize
12.0MB

Download
memory/1196-2-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/1196-0-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/1196-3-0x0000000000400000-0x0000000001002000-memory.dmp

Filesize
12.0MB

Download
memory/1196-4-0x0000000000400000-0x0000000001002000-memory.dmp

Filesize
12.0MB

Download
memory/1196-25-0x0000000000400000-0x0000000001002000-memory.dmp

Filesize
12.0MB

Download
memory/1196-26-0x0000000000400000-0x0000000001002000-memory.dmp

Filesize
12.0MB

Download
memory/1196-27-0x0000000000400000-0x0000000001002000-memory.dmp

Filesize
12.0MB

Download
memory/1196-48-0x0000000000400000-0x0000000001002000-memory.dmp

Filesize
12.0MB

Download
memory/1196-1-0x0000000000400000-0x0000000001002000-memory.dmp

Filesize
12.0MB

Download
memory/2620-30-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2620-32-0x0000000013140000-0x0000000014A74000-memory.dmp

Filesize
25.2MB

Download
memory/2620-29-0x0000000013140000-0x0000000014A74000-memory.dmp

Filesize
25.2MB

Download
memory/2780-34-0x0000000000400000-0x0000000001002000-memory.dmp

Filesize
12.0MB

Download
memory/2780-35-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2780-37-0x0000000000400000-0x0000000001002000-memory.dmp

Filesize
12.0MB

Download
memory/2780-39-0x0000000000400000-0x0000000001002000-memory.dmp

Filesize
12.0MB

Download
memory/2780-28-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download