da4d05334c6e7cc8ef2251d0dc9ab45f0d8174a32a46c8fae20615cf7dd43a8d

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 02:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

56ee3ebf7adc4de6393bcbc27ae235e9.exe
Size

2.4MB
MD5

56ee3ebf7adc4de6393bcbc27ae235e9
SHA1

da74cd6437d4cf62d4244df8516b3d5fa6b69bf8
SHA256

da4d05334c6e7cc8ef2251d0dc9ab45f0d8174a32a46c8fae20615cf7dd43a8d
SHA512

d895a0e99d50621c9ffd187e66b4aa59a8f06f4277fc5e14ec0ae731cd13760a8fb128dfe59f3d36fd93aaf68573b2ed0da4b2e34a0e4e070036e7d81260b33e
SSDEEP

49152:Ezb1pENOTfnkmvx3pDKIzWik7JsbRPP4M338dB2IBlGuuDVUsdxxjr:4E0bJ9Kak7qbRPgg3gnl/IVUs1jr

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1724	56ee3ebf7adc4de6393bcbc27ae235e9.exe

Executes dropped EXE 1 IoCs

pid	Process
1724	56ee3ebf7adc4de6393bcbc27ae235e9.exe

Loads dropped DLL 1 IoCs

pid	Process
2948	56ee3ebf7adc4de6393bcbc27ae235e9.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2948-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a0000000126af-15.dat	upx
behavioral1/memory/1724-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a0000000126af-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2948	56ee3ebf7adc4de6393bcbc27ae235e9.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2948	56ee3ebf7adc4de6393bcbc27ae235e9.exe
1724	56ee3ebf7adc4de6393bcbc27ae235e9.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 1724	2948	56ee3ebf7adc4de6393bcbc27ae235e9.exe	28
PID 2948 wrote to memory of 1724	2948	56ee3ebf7adc4de6393bcbc27ae235e9.exe	28
PID 2948 wrote to memory of 1724	2948	56ee3ebf7adc4de6393bcbc27ae235e9.exe	28
PID 2948 wrote to memory of 1724	2948	56ee3ebf7adc4de6393bcbc27ae235e9.exe	28

C:\Users\Admin\AppData\Local\Temp\56ee3ebf7adc4de6393bcbc27ae235e9.exe
"C:\Users\Admin\AppData\Local\Temp\56ee3ebf7adc4de6393bcbc27ae235e9.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Users\Admin\AppData\Local\Temp\56ee3ebf7adc4de6393bcbc27ae235e9.exe
  C:\Users\Admin\AppData\Local\Temp\56ee3ebf7adc4de6393bcbc27ae235e9.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\56ee3ebf7adc4de6393bcbc27ae235e9.exe

Filesize
118KB

MD5
13c7ba94d1dc555a305be756b1873c58

SHA1
6b9c0045d2247093cbf51494643c99f4e52f91f9

SHA256
19afbea801e19eeffdd4cc729d980a9e37a5ed48cdcded0124be15e208d7f7f4

SHA512
934ecdc98eb52752b2d644c6b4e57eca3d650d6b6b9166156d2ecd989c268a3a9e3a164e361eaff4c65c37fac79a02ebf811c12f911c758a7dc8fe2711de7bf3

Download Submit
\Users\Admin\AppData\Local\Temp\56ee3ebf7adc4de6393bcbc27ae235e9.exe

Filesize
295KB

MD5
e8cfb44eed47a525c9e9c9c9c43b872e

SHA1
9ff49f1271c7fe12320442c81a8b783bcc79ac44

SHA256
ef165053012fb3a7efd2febc1f3445a0a3ab2ccb1eaf9f22c291d918428b645a

SHA512
2ac207536f369c76988a213e50ae37d9d7792e9654c1e539b205e337ed92113325f64a95de9b062e7ef1875fac219b3ae64445bd05ea521927b252fdbf266c45

Download Submit
memory/1724-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1724-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1724-19-0x00000000002A0000-0x00000000003D3000-memory.dmp

Filesize
1.2MB

Download
memory/1724-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1724-25-0x0000000003530000-0x000000000375A000-memory.dmp

Filesize
2.2MB

Download
memory/1724-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2948-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2948-14-0x00000000036F0000-0x0000000003BDF000-memory.dmp

Filesize
4.9MB

Download
memory/2948-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2948-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2948-2-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2948-31-0x00000000036F0000-0x0000000003BDF000-memory.dmp

Filesize
4.9MB

Download