c2f7daab60ba583ced665a371b913ce6eebb32c07bc894e01e9f41c2039a5abe

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 13:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa75288db6ec1c283499248d40d2d77e.exe
Size

1.5MB
MD5

aa75288db6ec1c283499248d40d2d77e
SHA1

60825864d90612c73030fa3c771ce25cef734cd3
SHA256

c2f7daab60ba583ced665a371b913ce6eebb32c07bc894e01e9f41c2039a5abe
SHA512

cf4f1b3376588d73d78766b60b720595ecbe3656a30fbb2c473f5d1b7dc16554dd2c72a5399337cb46a71a9cb1495bb0fa0bbe6de303cdd6f548ab05e0a73254
SSDEEP

24576:mRXThNhKWFHT4g67qi/2WTQZaY5GoLhm4/xqBu0+9+ty/KW:AnKWFHMR7uWTQDGoL7xqBEgty/K

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2988	aa75288db6ec1c283499248d40d2d77e.exe

Executes dropped EXE 1 IoCs

pid	Process
2988	aa75288db6ec1c283499248d40d2d77e.exe

Loads dropped DLL 1 IoCs

pid	Process
2364	aa75288db6ec1c283499248d40d2d77e.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2364-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000015c33-13.dat	upx
behavioral1/files/0x0009000000015c33-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2364	aa75288db6ec1c283499248d40d2d77e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2364	aa75288db6ec1c283499248d40d2d77e.exe
2988	aa75288db6ec1c283499248d40d2d77e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2988	2364	aa75288db6ec1c283499248d40d2d77e.exe	28
PID 2364 wrote to memory of 2988	2364	aa75288db6ec1c283499248d40d2d77e.exe	28
PID 2364 wrote to memory of 2988	2364	aa75288db6ec1c283499248d40d2d77e.exe	28
PID 2364 wrote to memory of 2988	2364	aa75288db6ec1c283499248d40d2d77e.exe	28

C:\Users\Admin\AppData\Local\Temp\aa75288db6ec1c283499248d40d2d77e.exe
"C:\Users\Admin\AppData\Local\Temp\aa75288db6ec1c283499248d40d2d77e.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Users\Admin\AppData\Local\Temp\aa75288db6ec1c283499248d40d2d77e.exe
  C:\Users\Admin\AppData\Local\Temp\aa75288db6ec1c283499248d40d2d77e.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\aa75288db6ec1c283499248d40d2d77e.exe

Filesize
524KB

MD5
dcc9e25b23bf5eb8d0f717d462778885

SHA1
d5d711250c44c843ae9fc7199da12bd3568a8fd8

SHA256
5ecdb844a281f81bf063dae562da103c050df8988dd7653c375ba4daa91d5415

SHA512
fc158a7b49f2e6e94f688252ffc379423b35576ff45c663312ec864a5966d532899ce11968851ebda99e91e1d2c84a97436311daed782a06ff4a8d1ac7e94f68

Download Submit
\Users\Admin\AppData\Local\Temp\aa75288db6ec1c283499248d40d2d77e.exe

Filesize
680KB

MD5
bcdf738e32e4e92c996e18c0951c3720

SHA1
d9ca379573aa026a400b1e8c02aa009e8e275434

SHA256
261dc9dba9e21fc4ae5722047ca864453f811abeff5e5625f55601ee50490ff8

SHA512
072d7708d63d044ad99c00549af4699777f11875fd22fe4b14a8fab3b86abf56ee041c20c9e5c6dbdc9744bd4164202ce4e39c92f5172a867bcd734f5abf8d11

Download Submit
memory/2364-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2364-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2364-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2364-16-0x00000000036A0000-0x0000000003B8F000-memory.dmp

Filesize
4.9MB

Download
memory/2364-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2364-30-0x00000000036A0000-0x0000000003B8F000-memory.dmp

Filesize
4.9MB

Download
memory/2988-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2988-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2988-26-0x00000000034D0000-0x00000000036FA000-memory.dmp

Filesize
2.2MB

Download
memory/2988-18-0x0000000000240000-0x0000000000373000-memory.dmp

Filesize
1.2MB

Download
memory/2988-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download