d0f3444b484f3e23d0697ed2182b82894b64e02d2d025fb95cc64e2fb810dab6

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 14:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c2d5c9971018d08859bcd18f1823b192.exe
Size

2.7MB
MD5

c2d5c9971018d08859bcd18f1823b192
SHA1

f4b6f7c1347aad97bba2015282a07975bec069e3
SHA256

d0f3444b484f3e23d0697ed2182b82894b64e02d2d025fb95cc64e2fb810dab6
SHA512

4856920344ae81b1c0197814dad812665441af6947e2726756da87b66af4aca51d952b9560189e6e4aca07545071f25bc70b6c24a2a1f75ed4086669a0a4f887
SSDEEP

49152:wjO+L2KU1x8vqwR1/ZHgAIGt98c0pVxwcsXLCR9SCL2EeLPxTCkfUM65IhNH6nsk:wiOU/MH998BvwVLCHSCL2EeTFffNHHsD

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2520	c2d5c9971018d08859bcd18f1823b192.exe

Executes dropped EXE 1 IoCs

pid	Process
2520	c2d5c9971018d08859bcd18f1823b192.exe

Loads dropped DLL 1 IoCs

pid	Process
2320	c2d5c9971018d08859bcd18f1823b192.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2320-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000c00000001224c-10.dat	upx
behavioral1/files/0x000c00000001224c-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2320	c2d5c9971018d08859bcd18f1823b192.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2320	c2d5c9971018d08859bcd18f1823b192.exe
2520	c2d5c9971018d08859bcd18f1823b192.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2520	2320	c2d5c9971018d08859bcd18f1823b192.exe	28
PID 2320 wrote to memory of 2520	2320	c2d5c9971018d08859bcd18f1823b192.exe	28
PID 2320 wrote to memory of 2520	2320	c2d5c9971018d08859bcd18f1823b192.exe	28
PID 2320 wrote to memory of 2520	2320	c2d5c9971018d08859bcd18f1823b192.exe	28

C:\Users\Admin\AppData\Local\Temp\c2d5c9971018d08859bcd18f1823b192.exe
"C:\Users\Admin\AppData\Local\Temp\c2d5c9971018d08859bcd18f1823b192.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Users\Admin\AppData\Local\Temp\c2d5c9971018d08859bcd18f1823b192.exe
  C:\Users\Admin\AppData\Local\Temp\c2d5c9971018d08859bcd18f1823b192.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c2d5c9971018d08859bcd18f1823b192.exe

Filesize
710KB

MD5
6f84eca6895239d3a542dd7779eae23a

SHA1
a3ba71db1391678a5bf371b378f7ff1425c933c5

SHA256
5a392e32a09dde920dc073c61cb60f60f093868672a38121d6d5fa791b7f6903

SHA512
71d10d1cb1f44b327a2161fac4bbb8bbb79c3f3d9fbe72da43a0907a5b38245ca8c20601f1c2833cee3ee1efe5fc4820bc305c77377899328438a6eef7670dfd

Download Submit
\Users\Admin\AppData\Local\Temp\c2d5c9971018d08859bcd18f1823b192.exe

Filesize
576KB

MD5
1a2d9a7480d6f27d02b4ee752f33f58a

SHA1
c638cb2ee7921b6bad2f1856bfd1fbf4bb6df9a2

SHA256
7f6b84bf300439cc9367578bb19482220dbfdb753a96fc14fc3c27befc2f1b27

SHA512
97cde76ed101d183ff1d7c9f1479799922a33019b91846e4ca8853ab0795c8163578e8290cfd66cb28571faa38c82a1cf0970c88c1fc02ecab25cea1819c2b3c

Download Submit
memory/2320-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2320-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2320-2-0x00000000002C0000-0x00000000003F1000-memory.dmp

Filesize
1.2MB

Download
memory/2320-14-0x00000000038A0000-0x0000000003D87000-memory.dmp

Filesize
4.9MB

Download
memory/2320-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2320-31-0x00000000038A0000-0x0000000003D87000-memory.dmp

Filesize
4.9MB

Download
memory/2520-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2520-19-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/2520-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2520-24-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2520-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2520-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download