c6eaebad13292d911cf4aa9b576d4f6d56ee7132ff1d425eae109de557f9152f

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 13:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ee4059d1c9ae9597e4623aa54eac9af.exe
Size

1.3MB
MD5

9ee4059d1c9ae9597e4623aa54eac9af
SHA1

a6a8f547cfb9c2eaa21651cd90ec17b7b6065c80
SHA256

c6eaebad13292d911cf4aa9b576d4f6d56ee7132ff1d425eae109de557f9152f
SHA512

71ece6adf20fdb553981a0b5880f3abcfdf8c6a94049eec800a215e543834a95d31082e3dc8f93cc1f387298a02282c7c83f04ce356bf55b63dafc2830179033
SSDEEP

24576:gQOJ5rL4avAzWXNVCQG4QWaTli9cNSFlIjpjpKj1RjVb2bUj8Kr0vG:2dLR3VFmJidFlQNKBLAo8K

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2680	9ee4059d1c9ae9597e4623aa54eac9af.exe

Executes dropped EXE 1 IoCs

pid	Process
2680	9ee4059d1c9ae9597e4623aa54eac9af.exe

Loads dropped DLL 1 IoCs

pid	Process
3048	9ee4059d1c9ae9597e4623aa54eac9af.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3048-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x00090000000120e1-11.dat	upx
behavioral1/files/0x00090000000120e1-14.dat	upx
behavioral1/memory/3048-15-0x00000000033F0000-0x000000000385A000-memory.dmp	upx
behavioral1/memory/2680-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3048	9ee4059d1c9ae9597e4623aa54eac9af.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3048	9ee4059d1c9ae9597e4623aa54eac9af.exe
2680	9ee4059d1c9ae9597e4623aa54eac9af.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2680	3048	9ee4059d1c9ae9597e4623aa54eac9af.exe	28
PID 3048 wrote to memory of 2680	3048	9ee4059d1c9ae9597e4623aa54eac9af.exe	28
PID 3048 wrote to memory of 2680	3048	9ee4059d1c9ae9597e4623aa54eac9af.exe	28
PID 3048 wrote to memory of 2680	3048	9ee4059d1c9ae9597e4623aa54eac9af.exe	28

C:\Users\Admin\AppData\Local\Temp\9ee4059d1c9ae9597e4623aa54eac9af.exe
"C:\Users\Admin\AppData\Local\Temp\9ee4059d1c9ae9597e4623aa54eac9af.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Users\Admin\AppData\Local\Temp\9ee4059d1c9ae9597e4623aa54eac9af.exe
  C:\Users\Admin\AppData\Local\Temp\9ee4059d1c9ae9597e4623aa54eac9af.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\9ee4059d1c9ae9597e4623aa54eac9af.exe

Filesize
21KB

MD5
befdce6cf9e13be0788797a53e30b3fb

SHA1
e70cc94289ae2d76b848e0bd6b0183246b00a2db

SHA256
768a3ef1cfb944fd0d8cfff1b0f495df69d9c46ae5d4f595cabe73c012371d37

SHA512
e5f9c6575232319b9530296f89e9b70bf22fe6361950480ac3ca54f3955cbbeab3c8a41750fbb89e9da9edfc969665a01937017daa3b860e6755389577c27962

Download Submit
\Users\Admin\AppData\Local\Temp\9ee4059d1c9ae9597e4623aa54eac9af.exe

Filesize
832KB

MD5
a3c8b19bdcd2e20921c8aef7157ec42c

SHA1
61c5ea24b469d6b83dc47ff3043a798e7d237285

SHA256
3d7c449539a55d1133ec01cfc11abddb12fac3f91e0f4c576d44403812623ff4

SHA512
35f2806f9e4ecbc8bccd39817b273b3d78b0cc386b9b9ee98ec84ce08b1ec709180cc41a0e6078ffcdbc85f82d0541c87f30fee4de3b9295ea96286edae0bc94

Download Submit
memory/2680-18-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2680-20-0x00000000002B0000-0x00000000003C2000-memory.dmp

Filesize
1.1MB

Download
memory/2680-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2680-26-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/3048-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/3048-1-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/3048-2-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/3048-16-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/3048-15-0x00000000033F0000-0x000000000385A000-memory.dmp

Filesize
4.4MB

Download