af12a7b9416073faaa640c5472788c35dd6371cf8243bb7dfa9fbe3d5af0d5b6

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 15:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e13ae2d7e6c1245b2ec3638aa9db3f24.exe
Size

1.3MB
MD5

e13ae2d7e6c1245b2ec3638aa9db3f24
SHA1

287b5df5d7c20beb275ce4f23589a1f622b007de
SHA256

af12a7b9416073faaa640c5472788c35dd6371cf8243bb7dfa9fbe3d5af0d5b6
SHA512

a74d177c98b2977c348fd5de0ffa3837d31f77237fbb97a66bfbd871ec4a7fcea69a00299bdb0e26bfaab492145f5a2ad2d33a3a03a7b4fc3930dda23abdb5a0
SSDEEP

24576:ZK82l/N73rqso5jkN+21PtGLAMuSIGb0sEYoSSHDYRnbdoWc:OlF73GbAIMRM3IMNEYoS9dop

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2536	e13ae2d7e6c1245b2ec3638aa9db3f24.exe

Executes dropped EXE 1 IoCs

pid	Process
2536	e13ae2d7e6c1245b2ec3638aa9db3f24.exe

Loads dropped DLL 1 IoCs

pid	Process
2144	e13ae2d7e6c1245b2ec3638aa9db3f24.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000c000000012251-13.dat	upx
behavioral1/memory/2536-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c000000012251-10.dat	upx
behavioral1/memory/2144-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2144	e13ae2d7e6c1245b2ec3638aa9db3f24.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2144	e13ae2d7e6c1245b2ec3638aa9db3f24.exe
2536	e13ae2d7e6c1245b2ec3638aa9db3f24.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2144 wrote to memory of 2536	2144	e13ae2d7e6c1245b2ec3638aa9db3f24.exe	15
PID 2144 wrote to memory of 2536	2144	e13ae2d7e6c1245b2ec3638aa9db3f24.exe	15
PID 2144 wrote to memory of 2536	2144	e13ae2d7e6c1245b2ec3638aa9db3f24.exe	15
PID 2144 wrote to memory of 2536	2144	e13ae2d7e6c1245b2ec3638aa9db3f24.exe	15

C:\Users\Admin\AppData\Local\Temp\e13ae2d7e6c1245b2ec3638aa9db3f24.exe
"C:\Users\Admin\AppData\Local\Temp\e13ae2d7e6c1245b2ec3638aa9db3f24.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2144
- C:\Users\Admin\AppData\Local\Temp\e13ae2d7e6c1245b2ec3638aa9db3f24.exe
  C:\Users\Admin\AppData\Local\Temp\e13ae2d7e6c1245b2ec3638aa9db3f24.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e13ae2d7e6c1245b2ec3638aa9db3f24.exe

Filesize
48KB

MD5
f58331db27d7ce879a774c542d34d8aa

SHA1
ff1d44e5b6e47022cc84700b77fa00da7b25c73c

SHA256
624b08be0e87313e79689b3fb85e2f54629d33ed2b4dc55dc1adf7c07c47b5cb

SHA512
e6cb384ee25080807934438e3a9261afcd92ff5bd6c6e4de6dd52da8004542423065d57fce83109d439e61c1a88da6e3b848ad7d471f82df278acf5a42ebb25c

Download Submit
\Users\Admin\AppData\Local\Temp\e13ae2d7e6c1245b2ec3638aa9db3f24.exe

Filesize
47KB

MD5
0e4f6e5ca7299fa426926e1f46b6925f

SHA1
cfa813923816b4f4892e145bbfd80c6ea4264f06

SHA256
c84cf6583abcc17a1e04048c1ff1a4b25d38b756be70c7d2c8b0a4ba906d4d7c

SHA512
06a6225c0f67ae5f066800b2f3281315ed27d6cadc339eaa0628d4c6921252250ac46f257d1017327fe6dfdd30997649826164bd256c870656e47e2fb3c54d80

Download Submit
memory/2144-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2144-15-0x0000000003390000-0x000000000387F000-memory.dmp

Filesize
4.9MB

Download
memory/2144-2-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/2144-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2144-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2144-31-0x0000000003390000-0x000000000387F000-memory.dmp

Filesize
4.9MB

Download
memory/2536-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2536-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2536-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2536-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2536-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2536-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download