6465637f81415822ba51245da5fea5bf904168a07de6992390f441bea9e93fb5

Analysis

max time kernel
117s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 15:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ddf867e2a639299bfe5f4dde6ec5667a.exe
Size

4.8MB
MD5

ddf867e2a639299bfe5f4dde6ec5667a
SHA1

b019acf8c7f80540a617ba6d30ecbedcb8359d6d
SHA256

6465637f81415822ba51245da5fea5bf904168a07de6992390f441bea9e93fb5
SHA512

5e98bd9e1b6f2c71d8eab4bfd2186edae1c30edc5ed2c78379052ae9d2f0fea1da6c9fc2943e79e65a57b868fa690aa9e0098db7ab2ce9ace76ac22749d8c1a0
SSDEEP

98304:OHjsj6CThrw6iwvlRgg3gnl/IVUs1jee2Fl4r60Rgg3gnl/IVUs1jr:LNTCdkgl/iB08r6igl/iBP

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1640	ddf867e2a639299bfe5f4dde6ec5667a.exe

Executes dropped EXE 1 IoCs

pid	Process
1640	ddf867e2a639299bfe5f4dde6ec5667a.exe

Loads dropped DLL 1 IoCs

pid	Process
2348	ddf867e2a639299bfe5f4dde6ec5667a.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2348-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012274-10.dat	upx
behavioral1/files/0x000b000000012274-13.dat	upx
behavioral1/memory/2348-14-0x0000000003E80000-0x000000000436F000-memory.dmp	upx
behavioral1/memory/1640-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2348	ddf867e2a639299bfe5f4dde6ec5667a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2348	ddf867e2a639299bfe5f4dde6ec5667a.exe
1640	ddf867e2a639299bfe5f4dde6ec5667a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 1640	2348	ddf867e2a639299bfe5f4dde6ec5667a.exe	28
PID 2348 wrote to memory of 1640	2348	ddf867e2a639299bfe5f4dde6ec5667a.exe	28
PID 2348 wrote to memory of 1640	2348	ddf867e2a639299bfe5f4dde6ec5667a.exe	28
PID 2348 wrote to memory of 1640	2348	ddf867e2a639299bfe5f4dde6ec5667a.exe	28

C:\Users\Admin\AppData\Local\Temp\ddf867e2a639299bfe5f4dde6ec5667a.exe
"C:\Users\Admin\AppData\Local\Temp\ddf867e2a639299bfe5f4dde6ec5667a.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Users\Admin\AppData\Local\Temp\ddf867e2a639299bfe5f4dde6ec5667a.exe
  C:\Users\Admin\AppData\Local\Temp\ddf867e2a639299bfe5f4dde6ec5667a.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ddf867e2a639299bfe5f4dde6ec5667a.exe

Filesize
832KB

MD5
268146bb8e370e1cdd24f85b62509472

SHA1
a941b50d7ff1cb704e0d5512981154782e8248a7

SHA256
2348489f85d4f666bed2d6a9536937dbf31a5f44e085fcfb9c29248d6595f58b

SHA512
64d7b9dcdcaac2d0cd1c8291694be68fea9e2c01e39df4362cd8be435dace6591ee9e7b81b91082e705ed60e30d8e4db25becc37b6b56fa12836563597484007

Download Submit
\Users\Admin\AppData\Local\Temp\ddf867e2a639299bfe5f4dde6ec5667a.exe

Filesize
1.1MB

MD5
96c39412c6b272b1e03dde1634e5073f

SHA1
aabc83491166c4afd7ffb84e8f769fc7f0e66b1f

SHA256
da93df804877c67afeb52888ee121565613831e1605e16e85894aa1836cd5aee

SHA512
bab89c75c4201c9766036ed157bfa8043010f0bc1d726df6665093317ff57f92669fa310ddfff65ad366a15e786088315a350afd404e6f2bb3f19271a8cc65ad

Download Submit
memory/1640-19-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/1640-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1640-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1640-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1640-25-0x0000000003430000-0x000000000365A000-memory.dmp

Filesize
2.2MB

Download
memory/1640-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2348-2-0x00000000002C0000-0x00000000003F3000-memory.dmp

Filesize
1.2MB

Download
memory/2348-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2348-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2348-14-0x0000000003E80000-0x000000000436F000-memory.dmp

Filesize
4.9MB

Download
memory/2348-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2348-31-0x0000000003E80000-0x000000000436F000-memory.dmp

Filesize
4.9MB

Download