dac1fb4c1d7439262c199a4b945c1b34573329098c693e1fff21b698e8ed4561

Analysis

max time kernel
118s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 09:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

828ed0d273d9025e31ad1f17a92b620e.exe
Size

1.5MB
MD5

828ed0d273d9025e31ad1f17a92b620e
SHA1

06fb21c6b93c1eb0dade89e0e9c9d475538ca7f8
SHA256

dac1fb4c1d7439262c199a4b945c1b34573329098c693e1fff21b698e8ed4561
SHA512

f1576ef3e65d80b87c0dde67512786238ac4e4ad9425f1e49fb9cf7a4b865041b384c6578a30d62bfc8f0df7f00c97c98abdc2971b59dd6768001d897b1e3848
SSDEEP

24576:puoHMxv1fcazFF+ZBocEYxmRD+ylrLiJ1rQj0DR1sTvocW:FQxzFF+ZacElF0vs0DR1sjoc

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2156	828ed0d273d9025e31ad1f17a92b620e.exe

Executes dropped EXE 1 IoCs

pid	Process
2156	828ed0d273d9025e31ad1f17a92b620e.exe

Loads dropped DLL 1 IoCs

pid	Process
2496	828ed0d273d9025e31ad1f17a92b620e.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2496-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c000000012266-14.dat	upx
behavioral1/files/0x000c000000012266-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2496	828ed0d273d9025e31ad1f17a92b620e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2496	828ed0d273d9025e31ad1f17a92b620e.exe
2156	828ed0d273d9025e31ad1f17a92b620e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 2156	2496	828ed0d273d9025e31ad1f17a92b620e.exe	28
PID 2496 wrote to memory of 2156	2496	828ed0d273d9025e31ad1f17a92b620e.exe	28
PID 2496 wrote to memory of 2156	2496	828ed0d273d9025e31ad1f17a92b620e.exe	28
PID 2496 wrote to memory of 2156	2496	828ed0d273d9025e31ad1f17a92b620e.exe	28

C:\Users\Admin\AppData\Local\Temp\828ed0d273d9025e31ad1f17a92b620e.exe
"C:\Users\Admin\AppData\Local\Temp\828ed0d273d9025e31ad1f17a92b620e.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Users\Admin\AppData\Local\Temp\828ed0d273d9025e31ad1f17a92b620e.exe
  C:\Users\Admin\AppData\Local\Temp\828ed0d273d9025e31ad1f17a92b620e.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\828ed0d273d9025e31ad1f17a92b620e.exe

Filesize
66KB

MD5
c1b768392f4430abb7dc59b20056b364

SHA1
23cbcddc5624d9fa2a87fa48a18eb4a64a9d17e7

SHA256
e8b56dbd7593f9e194520b7d773b4ac4a716f2a7b177449ea823f06fb751a200

SHA512
c324b13dbdefd53d2c77cd00e89c4df7fb670efdc572a57dfe9dc916fa35dd4e76ef86482b4ac40e39512fa6cfde9edcf394cab2532c911c63c011020461dc4e

Download Submit
\Users\Admin\AppData\Local\Temp\828ed0d273d9025e31ad1f17a92b620e.exe

Filesize
149KB

MD5
7a82a0a3bcf5742b183f2e2fcc3769b5

SHA1
586a3238ca6c70df7364dc2110d0be12404226af

SHA256
3d1d6b843d46dea7915478eadef37f2b4f0b2c3447e18895eef68aa0dd673772

SHA512
d3c32fc1421476af1c3d2143a3e30147fb3120efc7b0abf6c00d158ade9d38ffcbc47e1a2bef505a005533ee383682e9a6915e8ec3fa9999794584b98d61157c

Download Submit
memory/2156-24-0x00000000034F0000-0x000000000371A000-memory.dmp

Filesize
2.2MB

Download
memory/2156-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2156-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2156-20-0x0000000000260000-0x0000000000393000-memory.dmp

Filesize
1.2MB

Download
memory/2156-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2156-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2496-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2496-2-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2496-15-0x00000000034F0000-0x00000000039DF000-memory.dmp

Filesize
4.9MB

Download
memory/2496-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2496-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download