7a6c79bb8ad2a4988074a3617aac723db1684ad3161c80551cfc0b943cbf25ae

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 15:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e303d62bb2216397fb1374bcdf6225cf.exe
Size

1.5MB
MD5

e303d62bb2216397fb1374bcdf6225cf
SHA1

711a9d500518047d13d3856d00ec1550b6284463
SHA256

7a6c79bb8ad2a4988074a3617aac723db1684ad3161c80551cfc0b943cbf25ae
SHA512

1d5c4350ed1b4ca52c09286f0f6fcfd187a33dadba3353d85da09ab681116c11a3164a0d32d93cc3c376104f09cb7640858a171a957460218431942accce33be
SSDEEP

24576:ukiqO/G0KD/cDxBncaz0OTFvq5jGqMPDH/uV2Q8s3iOsO6AX4rzsW:ukivNKD/YxBnPxvPr/uks3i3O6AWs

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2608	e303d62bb2216397fb1374bcdf6225cf.exe

Executes dropped EXE 1 IoCs

pid	Process
2608	e303d62bb2216397fb1374bcdf6225cf.exe

Loads dropped DLL 1 IoCs

pid	Process
1044	e303d62bb2216397fb1374bcdf6225cf.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1044-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000012243-10.dat	upx
behavioral1/files/0x000a000000012243-12.dat	upx
behavioral1/memory/2608-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000012243-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1044	e303d62bb2216397fb1374bcdf6225cf.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1044	e303d62bb2216397fb1374bcdf6225cf.exe
2608	e303d62bb2216397fb1374bcdf6225cf.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 2608	1044	e303d62bb2216397fb1374bcdf6225cf.exe	28
PID 1044 wrote to memory of 2608	1044	e303d62bb2216397fb1374bcdf6225cf.exe	28
PID 1044 wrote to memory of 2608	1044	e303d62bb2216397fb1374bcdf6225cf.exe	28
PID 1044 wrote to memory of 2608	1044	e303d62bb2216397fb1374bcdf6225cf.exe	28

C:\Users\Admin\AppData\Local\Temp\e303d62bb2216397fb1374bcdf6225cf.exe
"C:\Users\Admin\AppData\Local\Temp\e303d62bb2216397fb1374bcdf6225cf.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Users\Admin\AppData\Local\Temp\e303d62bb2216397fb1374bcdf6225cf.exe
  C:\Users\Admin\AppData\Local\Temp\e303d62bb2216397fb1374bcdf6225cf.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e303d62bb2216397fb1374bcdf6225cf.exe

Filesize
137KB

MD5
38bb594aba2635f21b7621ebfff33b26

SHA1
9675a7903587afea50e034e2cb001414b4bd44df

SHA256
0e88784d3cd083c747377fe358c025fb71cee95f2d0e5181bf228fb970de528b

SHA512
a38355fa0e3a1ff91a3a04bcc6482b4ca7bf0f45f39a3e9c3d6446d4cad9c0c4a516bb7425beb36542e2cf10910a6c8267b1e864a7882c0d78470daf7c0e3420

Download Submit
C:\Users\Admin\AppData\Local\Temp\e303d62bb2216397fb1374bcdf6225cf.exe

Filesize
93KB

MD5
2388e61a13006636d13ee064724e30f8

SHA1
87a2ba116af447dab17eff06969a4b6289a12c55

SHA256
f1bfe1d74d30e9f097f037a5b124cbff03ab21f00a2b5f1a00e13cd3e69fd5f0

SHA512
ff812e29377c03f3e002c9e1b047fc182f6b15f9d74c31d32bd576b513efdf15d9368c7884949db113ffbc4d00099164e7820ca9845e1caa7f7f5a2b75a1a91d

Download Submit
\Users\Admin\AppData\Local\Temp\e303d62bb2216397fb1374bcdf6225cf.exe

Filesize
126KB

MD5
702e14980d20bc87d2bc89ec953c0a8e

SHA1
08422f264abbafe2989a181485f8816514b5f8ad

SHA256
4b66793176d5e199620e8e9d6ea7b3fc17abca9f306f7e563cc39ecf4ec16785

SHA512
647eca294e4e7dc91bafec12717042784f039a8a6817032accccca10d83679530565ab697e8593a04aeb2382f78a2630ec3db0586d889773303a3d35c418cdfa

Download Submit
memory/1044-15-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/1044-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1044-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1044-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1044-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1044-31-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/2608-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2608-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2608-18-0x0000000000270000-0x00000000003A3000-memory.dmp

Filesize
1.2MB

Download
memory/2608-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2608-24-0x0000000003500000-0x000000000372A000-memory.dmp

Filesize
2.2MB

Download
memory/2608-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download