9d4588939d4641d728aa0db1d94145fe7764c3c10aa3bc510e7036a0e649a2da

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 13:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a33c9f1e98c6d6a403ba5c5d60756eb3.exe
Size

5.3MB
MD5

a33c9f1e98c6d6a403ba5c5d60756eb3
SHA1

62d8700ced6e9e255608a0f275a5450d2bd629b1
SHA256

9d4588939d4641d728aa0db1d94145fe7764c3c10aa3bc510e7036a0e649a2da
SHA512

6c3c5f590966e14e0afe58547ecf33b1a5a33d8f23f53a029d5fc24319838d89f842ff4fc782f55a257b0247f9706623b76c2f0d145233ea75c36ad568741a37
SSDEEP

98304:aH1GQvVG4XpggGO9QQQM+kBQ0G4XpggGO9QQQ:aH1XXprZaxoQWXprZa

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1740	a33c9f1e98c6d6a403ba5c5d60756eb3.exe

Executes dropped EXE 1 IoCs

pid	Process
1740	a33c9f1e98c6d6a403ba5c5d60756eb3.exe

Loads dropped DLL 1 IoCs

pid	Process
1244	a33c9f1e98c6d6a403ba5c5d60756eb3.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1244-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000a00000001224d-11.dat	upx
behavioral1/files/0x000a00000001224d-13.dat	upx
behavioral1/files/0x000a00000001224d-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1244	a33c9f1e98c6d6a403ba5c5d60756eb3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1244	a33c9f1e98c6d6a403ba5c5d60756eb3.exe
1740	a33c9f1e98c6d6a403ba5c5d60756eb3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1244 wrote to memory of 1740	1244	a33c9f1e98c6d6a403ba5c5d60756eb3.exe	28
PID 1244 wrote to memory of 1740	1244	a33c9f1e98c6d6a403ba5c5d60756eb3.exe	28
PID 1244 wrote to memory of 1740	1244	a33c9f1e98c6d6a403ba5c5d60756eb3.exe	28
PID 1244 wrote to memory of 1740	1244	a33c9f1e98c6d6a403ba5c5d60756eb3.exe	28

C:\Users\Admin\AppData\Local\Temp\a33c9f1e98c6d6a403ba5c5d60756eb3.exe
"C:\Users\Admin\AppData\Local\Temp\a33c9f1e98c6d6a403ba5c5d60756eb3.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1244
- C:\Users\Admin\AppData\Local\Temp\a33c9f1e98c6d6a403ba5c5d60756eb3.exe
  C:\Users\Admin\AppData\Local\Temp\a33c9f1e98c6d6a403ba5c5d60756eb3.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a33c9f1e98c6d6a403ba5c5d60756eb3.exe

Filesize
227KB

MD5
8466100a25727dbc8e0791cf49c42f95

SHA1
675fff23025e61268f7e5487782d0971e5d6c5c5

SHA256
d5c8a4dd935bf4d5b8be802d1bc6602bdfe3d6e17b6f79540f428332814f874a

SHA512
f14c861995fc08bd66bbbe56750ea911e44e68ff3a4842b4720edab7aea60a1adc368937e3b317833536bbef6197ff08250733a70b0c75f11f45c8c607994c9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\a33c9f1e98c6d6a403ba5c5d60756eb3.exe

Filesize
89KB

MD5
0db9d4907962028a39bdc58d318afff5

SHA1
0dae107392a35af0ec8d3fd50f74c54e6f0dac52

SHA256
1675ecb1df166606d7914780567c0d7454f568cc3c7d7a231d1d492842bb409b

SHA512
8d8b098307acbfe13adac110335f08ceb004669388a6fb0c8d263aa41adb72f1d96372ddd494a5bb887d478efee3d167bf3811c8e82856aa2378373d1502b78d

Download Submit
\Users\Admin\AppData\Local\Temp\a33c9f1e98c6d6a403ba5c5d60756eb3.exe

Filesize
217KB

MD5
c7e5375f33843ec4cecf4b8cfb26cd91

SHA1
9084026e06f7808ffe924a9657082d92dbee310c

SHA256
60c6552745e4068cd823eb4a579c3dc4367c087cca4784a27eb8fa589cd7774c

SHA512
4842af1507fb4b6fe42c5ea021241e35a0909aa8776521fbda65ae3ce88f2467fb1191828e1a5fcf3e311961d838e93fe95001268b26048c657ebbdd695bce70

Download Submit
memory/1244-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1244-2-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/1244-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1244-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1740-16-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1740-17-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/1740-19-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1740-25-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download