934467558c7f5e524f1b60b4c7489276d04511d418899f90203f08ca4a64ea9b

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

afc4f96b05b7bca79e6440bdd04ab7ce.exe
Size

2.7MB
MD5

afc4f96b05b7bca79e6440bdd04ab7ce
SHA1

eaa5b45e298d9216f66ab9d86d3c9edac0f3fad3
SHA256

934467558c7f5e524f1b60b4c7489276d04511d418899f90203f08ca4a64ea9b
SHA512

427b6d8129848327fc2f87e04b365238a026c344960fccdfe9a23b564dc6eaf812ae9dffee3d1b0a09127fd785ff61f4c909eacb1639cbd86a87d980c645e1f5
SSDEEP

49152:G5514GLst9MHGk5/P/TNbmAVffrZolfWyIReJ6Sp6jpwjSe6VMq5a0a9Srf:O52JmGk5/P/ZmAVnrZolTYSINmwe0Awf

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2940	afc4f96b05b7bca79e6440bdd04ab7ce.exe

Executes dropped EXE 1 IoCs

pid	Process
2940	afc4f96b05b7bca79e6440bdd04ab7ce.exe

Loads dropped DLL 1 IoCs

pid	Process
2204	afc4f96b05b7bca79e6440bdd04ab7ce.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2204-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/2940-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000013a1a-13.dat	upx
behavioral1/files/0x000a000000013a1a-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2204	afc4f96b05b7bca79e6440bdd04ab7ce.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2204	afc4f96b05b7bca79e6440bdd04ab7ce.exe
2940	afc4f96b05b7bca79e6440bdd04ab7ce.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2940	2204	afc4f96b05b7bca79e6440bdd04ab7ce.exe	16
PID 2204 wrote to memory of 2940	2204	afc4f96b05b7bca79e6440bdd04ab7ce.exe	16
PID 2204 wrote to memory of 2940	2204	afc4f96b05b7bca79e6440bdd04ab7ce.exe	16
PID 2204 wrote to memory of 2940	2204	afc4f96b05b7bca79e6440bdd04ab7ce.exe	16

C:\Users\Admin\AppData\Local\Temp\afc4f96b05b7bca79e6440bdd04ab7ce.exe
"C:\Users\Admin\AppData\Local\Temp\afc4f96b05b7bca79e6440bdd04ab7ce.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Users\Admin\AppData\Local\Temp\afc4f96b05b7bca79e6440bdd04ab7ce.exe
  C:\Users\Admin\AppData\Local\Temp\afc4f96b05b7bca79e6440bdd04ab7ce.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\afc4f96b05b7bca79e6440bdd04ab7ce.exe

Filesize
7KB

MD5
9bbd0b9acc702de368b0ddfa2562e664

SHA1
f7e76de16164a1b669113bdfbbca9d876f2c7f0c

SHA256
c7dd5be297e03d3b18b45933a909c157891a9b40803c1c67c539b7d500334aa2

SHA512
5bc41d91faf9bbf568bcdeb7537fbada1492be48f9cb0b26852491098163f54c33567627e77174e7c9b2634552c9f6e45504f7eb653ba3524c78be7554621110

Download Submit
\Users\Admin\AppData\Local\Temp\afc4f96b05b7bca79e6440bdd04ab7ce.exe

Filesize
18KB

MD5
95d7e41faf72039b56555548ce573e95

SHA1
2625cb192bbaf947e44cec47ad2b33496c123743

SHA256
5218113561d19f3ac154de86a334b33beed51ed525bf77a380d95e002287b0cc

SHA512
a456306cd0349e1ab27c7c630fb6d810d74c226b1473face94eb0cc6f644213b5942a5a4a950357850a41f3829511b859c91bcfb7e774a141b2c0d15115c8c79

Download Submit
memory/2204-15-0x0000000003770000-0x0000000003C5F000-memory.dmp

Filesize
4.9MB

Download
memory/2204-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2204-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2204-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2204-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2204-31-0x0000000003770000-0x0000000003C5F000-memory.dmp

Filesize
4.9MB

Download
memory/2940-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2940-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2940-25-0x00000000034D0000-0x00000000036FA000-memory.dmp

Filesize
2.2MB

Download
memory/2940-19-0x0000000000240000-0x0000000000373000-memory.dmp

Filesize
1.2MB

Download
memory/2940-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2940-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download