e9f76bb5c237e972e93c94f94a6d11a6729b0328da25d8bd7bee8cee182a79a2

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

914df3749a9a73a691397ca32a2ea2ad.exe
Size

2.9MB
MD5

914df3749a9a73a691397ca32a2ea2ad
SHA1

fc02355cbb788213d2d2179fc0d8598f74d5e5d7
SHA256

e9f76bb5c237e972e93c94f94a6d11a6729b0328da25d8bd7bee8cee182a79a2
SHA512

3bc26f9e3cd3c9e4a8057fe07232d3ac6cac01ee79b086c38569e07e2c3a937b0539ad0410744cbfad065854b3a6be686601149f5425bbb638c5ac36f2d54c75
SSDEEP

49152:PmJ+Dv/j9fbTs8vEoYxe0iOTGeP0+xNaop9loFc9baQjcZQohrPe81:i+T/j93qzM0tKbeL1XN2a81

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2536	914df3749a9a73a691397ca32a2ea2ad.exe

Executes dropped EXE 1 IoCs

pid	Process
2536	914df3749a9a73a691397ca32a2ea2ad.exe

Loads dropped DLL 1 IoCs

pid	Process
1712	914df3749a9a73a691397ca32a2ea2ad.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1712-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000d000000012251-13.dat	upx
behavioral1/files/0x000d000000012251-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1712	914df3749a9a73a691397ca32a2ea2ad.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1712	914df3749a9a73a691397ca32a2ea2ad.exe
2536	914df3749a9a73a691397ca32a2ea2ad.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2536	1712	914df3749a9a73a691397ca32a2ea2ad.exe	17
PID 1712 wrote to memory of 2536	1712	914df3749a9a73a691397ca32a2ea2ad.exe	17
PID 1712 wrote to memory of 2536	1712	914df3749a9a73a691397ca32a2ea2ad.exe	17
PID 1712 wrote to memory of 2536	1712	914df3749a9a73a691397ca32a2ea2ad.exe	17

C:\Users\Admin\AppData\Local\Temp\914df3749a9a73a691397ca32a2ea2ad.exe
"C:\Users\Admin\AppData\Local\Temp\914df3749a9a73a691397ca32a2ea2ad.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Users\Admin\AppData\Local\Temp\914df3749a9a73a691397ca32a2ea2ad.exe
  C:\Users\Admin\AppData\Local\Temp\914df3749a9a73a691397ca32a2ea2ad.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\914df3749a9a73a691397ca32a2ea2ad.exe

Filesize
89KB

MD5
87d120780cdd228bf693416e6acd1efc

SHA1
149fbbcfe29ddc149fb4eeff0a12f119d1e2b9d1

SHA256
2c0639af0bcaa91bb7df137831fd49f3e757c31d23df33ba3d5a2aca1ba03380

SHA512
fde6d5c7c5981f329922b78b30668810497db78cb5acc21dcec426ff922d3891a79b2e7f088d06a97d25ac97a5f8a1de1beb6d69d77d1437a8a73c5858956022

Download Submit
\Users\Admin\AppData\Local\Temp\914df3749a9a73a691397ca32a2ea2ad.exe

Filesize
146KB

MD5
c5581326234b3a6a1caecb70ab22b1a3

SHA1
51719946721dc9138fa629b72dc252704e67c110

SHA256
07bafb350871f40e44dc55ba44603694fed926c5332c88b4588aaad82d602d67

SHA512
5c24b5475877822dc24f2eb533d752775b5d6764f848ebc0981b9eec5229494b2e4324d13bf624eaece29ecf2f3b1fb0b697cb66f52510d0f27f48710113cf6d

Download Submit
memory/1712-15-0x0000000003910000-0x0000000003DFF000-memory.dmp

Filesize
4.9MB

Download
memory/1712-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1712-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1712-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1712-2-0x00000000002A0000-0x00000000003D3000-memory.dmp

Filesize
1.2MB

Download
memory/2536-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2536-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2536-26-0x0000000003700000-0x000000000392A000-memory.dmp

Filesize
2.2MB

Download
memory/2536-20-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2536-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2536-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download