e66cf44e428d0ffcc0de5e35b33611eb0940c59159e86a6198621006d802e0f8

Analysis

max time kernel
118s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 14:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c749b89de1dcf83f90f65d0208b7afd6.exe
Size

1.3MB
MD5

c749b89de1dcf83f90f65d0208b7afd6
SHA1

2986efb96482c25f2c2f4ac40d472bf1b0f8a0b9
SHA256

e66cf44e428d0ffcc0de5e35b33611eb0940c59159e86a6198621006d802e0f8
SHA512

5a60c6f5dd1e91ce0ad1a0a0ec00cee872a765737946525c10b14ff100838240d65a814d93fc5df6c7e9b0717336a880a72ebf65a80ae52f3a20b258f6ed1282
SSDEEP

24576:JSlD919q6z38baXMRs0D2JO0t7Xyh5+1vxzlKw5p+C7I1opCU9/9Us:JADUb9C0D2Uoh1vxsS+C8eR9j

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2292	c749b89de1dcf83f90f65d0208b7afd6.exe

Executes dropped EXE 1 IoCs

pid	Process
2292	c749b89de1dcf83f90f65d0208b7afd6.exe

Loads dropped DLL 1 IoCs

pid	Process
2900	c749b89de1dcf83f90f65d0208b7afd6.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2900-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/memory/2292-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000a000000012243-14.dat	upx
behavioral1/files/0x000a000000012243-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2900	c749b89de1dcf83f90f65d0208b7afd6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2900	c749b89de1dcf83f90f65d0208b7afd6.exe
2292	c749b89de1dcf83f90f65d0208b7afd6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 2292	2900	c749b89de1dcf83f90f65d0208b7afd6.exe	21
PID 2900 wrote to memory of 2292	2900	c749b89de1dcf83f90f65d0208b7afd6.exe	21
PID 2900 wrote to memory of 2292	2900	c749b89de1dcf83f90f65d0208b7afd6.exe	21
PID 2900 wrote to memory of 2292	2900	c749b89de1dcf83f90f65d0208b7afd6.exe	21

C:\Users\Admin\AppData\Local\Temp\c749b89de1dcf83f90f65d0208b7afd6.exe
"C:\Users\Admin\AppData\Local\Temp\c749b89de1dcf83f90f65d0208b7afd6.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Users\Admin\AppData\Local\Temp\c749b89de1dcf83f90f65d0208b7afd6.exe
  C:\Users\Admin\AppData\Local\Temp\c749b89de1dcf83f90f65d0208b7afd6.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c749b89de1dcf83f90f65d0208b7afd6.exe

Filesize
172KB

MD5
5c52b43694638c04d9a50611ac62acd3

SHA1
971ccce2f4dc41b8875481a651709b0d8afe601a

SHA256
2cd4c5f713abef36225191f805d093a8536715f74a00e5f43b2fcebe3f536c3c

SHA512
638b9877c968eb4eb88dc8aa2949909bf40fdbbcb1b96689b138ad367302c4a43e116983086d95973903c4ad5892b58c521f0f81d2191fba1fa1e3766c0f46cb

Download Submit
\Users\Admin\AppData\Local\Temp\c749b89de1dcf83f90f65d0208b7afd6.exe

Filesize
112KB

MD5
2677af40b88ff05847ac998d79acc9b5

SHA1
712c5a6d9085902e8e5608841a8d3178616ba37e

SHA256
a825256e6fd40cff33743f0d845c2e9079c374e74b47ecfb50fb1ae74f27748c

SHA512
14f85a3b4b6efa0a00996a3e8c9cd45a0d200e457a1156f4c2680b92a55001b7d0fef9ac27b9a17262531a91ce766495faf8f799c5d9b12752a1b669fc91a3bc

Download Submit
memory/2292-24-0x0000000003410000-0x0000000003632000-memory.dmp

Filesize
2.1MB

Download
memory/2292-18-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/2292-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2292-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2292-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2292-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2900-15-0x00000000034C0000-0x00000000039A7000-memory.dmp

Filesize
4.9MB

Download
memory/2900-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2900-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2900-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2900-2-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2900-31-0x00000000034C0000-0x00000000039A7000-memory.dmp

Filesize
4.9MB

Download