8288d898918ce69db6c9005c313e287790059544f1b40615d8179292c8baa9fb

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 13:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

addd3dbc9e4f4f99618a4a3788b6f332.exe
Size

1.5MB
MD5

addd3dbc9e4f4f99618a4a3788b6f332
SHA1

71a40b9ef4caf389cd952e65431200d57176fa8e
SHA256

8288d898918ce69db6c9005c313e287790059544f1b40615d8179292c8baa9fb
SHA512

8fe036262a69a9121a6aea5636553d59ec0a47c844e1ead337d1039c47d0630d6d08b02e4e89fe59126616992ba1854aae11b661acccd85e694fac7bc5c9a49c
SSDEEP

24576:/b6sS16PQj9WVzxRQZDQavL5PpoLEX3w4QZwP7ZZqOf7lAmqgcaXApUEoaQs7t9g:/b6N16U9IzxRQrvL5poL4w4TTZbzTqLx

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2592	addd3dbc9e4f4f99618a4a3788b6f332.exe

Executes dropped EXE 1 IoCs

pid	Process
2592	addd3dbc9e4f4f99618a4a3788b6f332.exe

Loads dropped DLL 1 IoCs

pid	Process
2320	addd3dbc9e4f4f99618a4a3788b6f332.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2320-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b0000000139e0-13.dat	upx
behavioral1/files/0x000b0000000139e0-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2320	addd3dbc9e4f4f99618a4a3788b6f332.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2320	addd3dbc9e4f4f99618a4a3788b6f332.exe
2592	addd3dbc9e4f4f99618a4a3788b6f332.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2592	2320	addd3dbc9e4f4f99618a4a3788b6f332.exe	17
PID 2320 wrote to memory of 2592	2320	addd3dbc9e4f4f99618a4a3788b6f332.exe	17
PID 2320 wrote to memory of 2592	2320	addd3dbc9e4f4f99618a4a3788b6f332.exe	17
PID 2320 wrote to memory of 2592	2320	addd3dbc9e4f4f99618a4a3788b6f332.exe	17

C:\Users\Admin\AppData\Local\Temp\addd3dbc9e4f4f99618a4a3788b6f332.exe
"C:\Users\Admin\AppData\Local\Temp\addd3dbc9e4f4f99618a4a3788b6f332.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Users\Admin\AppData\Local\Temp\addd3dbc9e4f4f99618a4a3788b6f332.exe
  C:\Users\Admin\AppData\Local\Temp\addd3dbc9e4f4f99618a4a3788b6f332.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\addd3dbc9e4f4f99618a4a3788b6f332.exe

Filesize
196KB

MD5
11b6b5c99d713587ed554f49d708cb3f

SHA1
44fa4c3501df236b72a2aee3fb0d8613c2867e84

SHA256
e8b04141ab1178b05f7322347c35584d01b2d3e66cbfccf96b3e36984231d5a9

SHA512
10f28c861f323b9d084d91214283c2ea8be65cb14d7a9a0ec44797151bbf641ebe5a92d15f92939b4d3f16a9ec181bf30dd72e89097cb5eb58c760158152c0b5

Download Submit
\Users\Admin\AppData\Local\Temp\addd3dbc9e4f4f99618a4a3788b6f332.exe

Filesize
410KB

MD5
e35cbbc7bc5badbbf52dfce8805146e6

SHA1
3a6293bab2b93ed2164e5047bdc426555c1762c8

SHA256
0a38edf6a9e0f725884e1159d9050caf8312c71475ce1261c1fce001ddb3ddf2

SHA512
0936a7985e4cc51f122a543826dc25866eaefca85f9856ff06ee9a9107d524f5d4415439c540b5a05a916fb9168f16dcedba9ca00fe985c1554436a233be988b

Download Submit
memory/2320-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2320-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2320-15-0x00000000035C0000-0x0000000003AAF000-memory.dmp

Filesize
4.9MB

Download
memory/2320-3-0x0000000000230000-0x0000000000363000-memory.dmp

Filesize
1.2MB

Download
memory/2320-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2320-30-0x00000000035C0000-0x0000000003AAF000-memory.dmp

Filesize
4.9MB

Download
memory/2592-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2592-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2592-25-0x0000000003500000-0x000000000372A000-memory.dmp

Filesize
2.2MB

Download
memory/2592-17-0x0000000000270000-0x00000000003A3000-memory.dmp

Filesize
1.2MB

Download
memory/2592-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download