a3420250efb10458fb210270e5b0206fd5a4fe4114136cbadde084d4ef69da89

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 14:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cd56814b308d5a9c89ae412c52d7e1e9.exe
Size

2.7MB
MD5

cd56814b308d5a9c89ae412c52d7e1e9
SHA1

fac28dbd0e898302108fbeab4a0450b4e61d52c2
SHA256

a3420250efb10458fb210270e5b0206fd5a4fe4114136cbadde084d4ef69da89
SHA512

12ffa1aea263a2af5437da511c332937ddc548598c00e0f33d9893f60748a5103fbeca59ca54e9548c767c0cd61588dda2a6022e8b87e5a0eea77fb4a6d023cc
SSDEEP

49152:vw8HYuMxbUzWIDSixIFH1KPsVXw7Zn2qGlVth/VhfNlqcZ1BcTUnOf:9HYRbUzWI+iKgKfNh/VhfT7HnOf

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3024	cd56814b308d5a9c89ae412c52d7e1e9.exe

Executes dropped EXE 1 IoCs

pid	Process
3024	cd56814b308d5a9c89ae412c52d7e1e9.exe

Loads dropped DLL 1 IoCs

pid	Process
2040	cd56814b308d5a9c89ae412c52d7e1e9.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2040-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000013a1a-10.dat	upx
behavioral1/files/0x000a000000013a1a-15.dat	upx
behavioral1/memory/2040-14-0x0000000003890000-0x0000000003D7F000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2040	cd56814b308d5a9c89ae412c52d7e1e9.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2040	cd56814b308d5a9c89ae412c52d7e1e9.exe
3024	cd56814b308d5a9c89ae412c52d7e1e9.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 3024	2040	cd56814b308d5a9c89ae412c52d7e1e9.exe	28
PID 2040 wrote to memory of 3024	2040	cd56814b308d5a9c89ae412c52d7e1e9.exe	28
PID 2040 wrote to memory of 3024	2040	cd56814b308d5a9c89ae412c52d7e1e9.exe	28
PID 2040 wrote to memory of 3024	2040	cd56814b308d5a9c89ae412c52d7e1e9.exe	28

C:\Users\Admin\AppData\Local\Temp\cd56814b308d5a9c89ae412c52d7e1e9.exe
"C:\Users\Admin\AppData\Local\Temp\cd56814b308d5a9c89ae412c52d7e1e9.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Users\Admin\AppData\Local\Temp\cd56814b308d5a9c89ae412c52d7e1e9.exe
  C:\Users\Admin\AppData\Local\Temp\cd56814b308d5a9c89ae412c52d7e1e9.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\cd56814b308d5a9c89ae412c52d7e1e9.exe

Filesize
45KB

MD5
870d4c268e18e5941b91a34a1e5cdfac

SHA1
8713565014dccb19e6d907b2148ef0fbf6ab8736

SHA256
e3b37442a599d5d4668d99ad1694811d998486d4caef2d9d1e62c8de6a460c73

SHA512
9834ad67548ddcca67556a96767e99ea7db5d3d01405d61cad10289c79f5bc3276cf4437fc0f9931cbccb9db9fc9322b53aaf3c3149256db4bff9cf2721f97d1

Download Submit
\Users\Admin\AppData\Local\Temp\cd56814b308d5a9c89ae412c52d7e1e9.exe

Filesize
785KB

MD5
262dd64edfe1e7df0bcf0a3b1876348b

SHA1
577a8a0b06d3e89eeec18a0621e1bfe1d3d0efde

SHA256
94a8206178ceddd23124e9b30c962e45c7ae9e2848df34d5af51e207a95297c6

SHA512
ffd42bbe21dc33cdf84b13ea0ae307807e9ba2bbd6326fc46d4667056cd1a7c2e50c8056f6e49b66f5535582c69f38d7d79a16c370e9f283a0392a5faf49f16a

Download Submit
memory/2040-14-0x0000000003890000-0x0000000003D7F000-memory.dmp

Filesize
4.9MB

Download
memory/2040-1-0x00000000002A0000-0x00000000003D3000-memory.dmp

Filesize
1.2MB

Download
memory/2040-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2040-31-0x0000000003890000-0x0000000003D7F000-memory.dmp

Filesize
4.9MB

Download
memory/2040-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2040-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3024-20-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/3024-24-0x00000000035C0000-0x00000000037EA000-memory.dmp

Filesize
2.2MB

Download
memory/3024-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3024-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3024-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3024-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download