c543cc05ccb99ae3089848ccac1c9e635023f86002f5bc8d00ce9b326ab57386

Analysis

max time kernel
117s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 15:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d61e147c0f05b97e57fa1794581822c8.exe
Size

5.3MB
MD5

d61e147c0f05b97e57fa1794581822c8
SHA1

9e823c51bedeb2a5fab361d8035bcd067ac6c251
SHA256

c543cc05ccb99ae3089848ccac1c9e635023f86002f5bc8d00ce9b326ab57386
SHA512

afe23483cfe2f4d5af14b6cbbddc5a3dac283893cdc923c353a48617cd4ea0060630776886363ceb31847f4d4d2c648e6ac3c0af76f62195c80f05a5cdce7585
SSDEEP

98304:9VHgvOhtmQEHktBcwQDM2YIDULHdcX3zeEBh03vsTFrKzKHktBcwQDM2YIDULHt:9VHqOhZEschDHI9iVE3vsTEzKschDHIN

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2720	d61e147c0f05b97e57fa1794581822c8.exe

Executes dropped EXE 1 IoCs

pid	Process
2720	d61e147c0f05b97e57fa1794581822c8.exe

Loads dropped DLL 1 IoCs

pid	Process
2332	d61e147c0f05b97e57fa1794581822c8.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2332-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x0009000000012252-10.dat	upx
behavioral1/memory/2720-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x0009000000012252-15.dat	upx
behavioral1/memory/2332-13-0x0000000003CA0000-0x0000000004187000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2332	d61e147c0f05b97e57fa1794581822c8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2332	d61e147c0f05b97e57fa1794581822c8.exe
2720	d61e147c0f05b97e57fa1794581822c8.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 2720	2332	d61e147c0f05b97e57fa1794581822c8.exe	23
PID 2332 wrote to memory of 2720	2332	d61e147c0f05b97e57fa1794581822c8.exe	23
PID 2332 wrote to memory of 2720	2332	d61e147c0f05b97e57fa1794581822c8.exe	23
PID 2332 wrote to memory of 2720	2332	d61e147c0f05b97e57fa1794581822c8.exe	23

C:\Users\Admin\AppData\Local\Temp\d61e147c0f05b97e57fa1794581822c8.exe
"C:\Users\Admin\AppData\Local\Temp\d61e147c0f05b97e57fa1794581822c8.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Users\Admin\AppData\Local\Temp\d61e147c0f05b97e57fa1794581822c8.exe
  C:\Users\Admin\AppData\Local\Temp\d61e147c0f05b97e57fa1794581822c8.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d61e147c0f05b97e57fa1794581822c8.exe

Filesize
9KB

MD5
9a3b7308235ed0c6cdb5d66ce3c050f1

SHA1
425a831555865e59ba11fe155cce3d60ec04a814

SHA256
820428c7a950af2c3dbc2521f02ac5e34cfdfa9428d7d111d607057d67db5f29

SHA512
ceb37401349ea8e80b441dd154d0e8545083cb2feeee3151c45df7f0e61272c70d7ac4d5ce27329d0378fd11acdea149d24c104337f183f6705e5c8fa1636f25

Download Submit
\Users\Admin\AppData\Local\Temp\d61e147c0f05b97e57fa1794581822c8.exe

Filesize
59KB

MD5
5be8a8555a4211007715f955d4d75d3f

SHA1
12ed59cea8be0df8516e1fb36f0300c72469b318

SHA256
a06f10788e69d8e05b9340f98b98082aa9f17e7d42d11ce3b16b7edb10de79fc

SHA512
0c65141dd1a13a711792c70c6ed2334b4cba7042bcad1216887e788a58dee7105036761d57eaef1ee5388089317862814ca4413f4003e6cdf852f2e72bb33636

Download Submit
memory/2332-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2332-2-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2332-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2332-31-0x0000000003CA0000-0x0000000004187000-memory.dmp

Filesize
4.9MB

Download
memory/2332-13-0x0000000003CA0000-0x0000000004187000-memory.dmp

Filesize
4.9MB

Download
memory/2332-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2720-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2720-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2720-26-0x00000000034D0000-0x00000000036F2000-memory.dmp

Filesize
2.1MB

Download
memory/2720-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2720-18-0x0000000000260000-0x0000000000391000-memory.dmp

Filesize
1.2MB

Download
memory/2720-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download