f2a517d3798f37f69f4848c8cdaa745e4c38830ab95a0e3315ba7ee1036e1301

Analysis

max time kernel
120s
max time network
160s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 16:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f444795e1fe2c0819a23c73ad2e30eec.exe
Size

2.7MB
MD5

f444795e1fe2c0819a23c73ad2e30eec
SHA1

e4492a2c70c8dc1dd027e1a3a5c57782919e3a38
SHA256

f2a517d3798f37f69f4848c8cdaa745e4c38830ab95a0e3315ba7ee1036e1301
SHA512

3fba2e51c577b2bc70d53666e57e06b41f065f02b6e8b4d1c0a969e273df372d4bd82f491ce04f03212547c31bc9cfba965444b0615cbf826a1f20bef9fbb03d
SSDEEP

49152:rvsbLvtJk8aBEobHUiZgxrR9SfFyG/Jq73X1jm+IyZBT/kjHMR9j:rkknfbHUiC9HSPMH1iEZ1/MsHj

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2796	f444795e1fe2c0819a23c73ad2e30eec.exe

Executes dropped EXE 1 IoCs

pid	Process
2796	f444795e1fe2c0819a23c73ad2e30eec.exe

Loads dropped DLL 1 IoCs

pid	Process
2776	f444795e1fe2c0819a23c73ad2e30eec.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2776-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x0007000000012284-10.dat	upx
behavioral1/files/0x0007000000012284-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2776	f444795e1fe2c0819a23c73ad2e30eec.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2776	f444795e1fe2c0819a23c73ad2e30eec.exe
2796	f444795e1fe2c0819a23c73ad2e30eec.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 2796	2776	f444795e1fe2c0819a23c73ad2e30eec.exe	27
PID 2776 wrote to memory of 2796	2776	f444795e1fe2c0819a23c73ad2e30eec.exe	27
PID 2776 wrote to memory of 2796	2776	f444795e1fe2c0819a23c73ad2e30eec.exe	27
PID 2776 wrote to memory of 2796	2776	f444795e1fe2c0819a23c73ad2e30eec.exe	27

C:\Users\Admin\AppData\Local\Temp\f444795e1fe2c0819a23c73ad2e30eec.exe
"C:\Users\Admin\AppData\Local\Temp\f444795e1fe2c0819a23c73ad2e30eec.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Users\Admin\AppData\Local\Temp\f444795e1fe2c0819a23c73ad2e30eec.exe
  C:\Users\Admin\AppData\Local\Temp\f444795e1fe2c0819a23c73ad2e30eec.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\f444795e1fe2c0819a23c73ad2e30eec.exe

Filesize
92KB

MD5
7178354b18d0347cb351da710505e378

SHA1
7e04fb5ea2f70962a80b08554fa9d0ef2f242bc9

SHA256
80b18614e3f83bfba9363d5f69e2d62a36ec33ea02c70275c25f57fb0b9be1b5

SHA512
ee35a26b535469696066243e87ddcef955fb8c0a50894210ad1fdf4fe7acab84e4ec898733aa8e4f2f07ffc3f064dfa30c6e8d33dd77f96069916c4da28e689d

Download Submit
\Users\Admin\AppData\Local\Temp\f444795e1fe2c0819a23c73ad2e30eec.exe

Filesize
273KB

MD5
0664879772530ea01ae578893d6cfbec

SHA1
3103f2a624b1d7a9b199012daab6cd3c7337285d

SHA256
5d06b4e9fd785336967d730b943a43d06d4ef69e1ae42645c6fda22a4c40849d

SHA512
2ed95a773fc205db3640df80fa4fd8af180033d1206405d5d79f56cea5c1388704b27bcd2607355941667e86b7114c96f684b50e602a0fbcc2fb541ae12e2f4d

Download Submit
memory/2776-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2776-3-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2776-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2776-14-0x0000000003760000-0x0000000003C47000-memory.dmp

Filesize
4.9MB

Download
memory/2776-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2796-18-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2796-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2796-21-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2796-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2796-24-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2796-31-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download