20efc2d72be1ee08e55e0bbeb80f02f3ad0bccada3559892a5647f4f84c9c719

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 16:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e5a314fbd675c3bd8041328357eb6beb.exe
Size

2.9MB
MD5

e5a314fbd675c3bd8041328357eb6beb
SHA1

29c610a3e3560149aab099073517591bbba93cf3
SHA256

20efc2d72be1ee08e55e0bbeb80f02f3ad0bccada3559892a5647f4f84c9c719
SHA512

7e106eccf8d699d06985eb943666381fb127d9a41e286f820fbf226118d91866aff6a7c08abd924e64c9e88eddcb25de5beea36672d8735b4d4da7a7d4db7be5
SSDEEP

49152:ByJyNRah3e5hXB+ZiwB/N74NH5HUyNRcUsCVOzetdZJ:5NRapSRxQ/4HBUCczzM3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2396	e5a314fbd675c3bd8041328357eb6beb.exe

Executes dropped EXE 1 IoCs

pid	Process
2396	e5a314fbd675c3bd8041328357eb6beb.exe

Loads dropped DLL 1 IoCs

pid	Process
2348	e5a314fbd675c3bd8041328357eb6beb.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2348-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b0000000122dc-10.dat	upx
behavioral1/memory/2348-14-0x00000000037F0000-0x0000000003CDF000-memory.dmp	upx
behavioral1/files/0x000b0000000122dc-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2348	e5a314fbd675c3bd8041328357eb6beb.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2348	e5a314fbd675c3bd8041328357eb6beb.exe
2396	e5a314fbd675c3bd8041328357eb6beb.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 2396	2348	e5a314fbd675c3bd8041328357eb6beb.exe	28
PID 2348 wrote to memory of 2396	2348	e5a314fbd675c3bd8041328357eb6beb.exe	28
PID 2348 wrote to memory of 2396	2348	e5a314fbd675c3bd8041328357eb6beb.exe	28
PID 2348 wrote to memory of 2396	2348	e5a314fbd675c3bd8041328357eb6beb.exe	28

C:\Users\Admin\AppData\Local\Temp\e5a314fbd675c3bd8041328357eb6beb.exe
"C:\Users\Admin\AppData\Local\Temp\e5a314fbd675c3bd8041328357eb6beb.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Users\Admin\AppData\Local\Temp\e5a314fbd675c3bd8041328357eb6beb.exe
  C:\Users\Admin\AppData\Local\Temp\e5a314fbd675c3bd8041328357eb6beb.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e5a314fbd675c3bd8041328357eb6beb.exe

Filesize
1.0MB

MD5
0977aeae01fc46a08972cb72efec4a00

SHA1
15fdf8d1bdf5f5a5ffb4d33568405cf754682293

SHA256
22122d6462202483f467fefc077a199d3e8afee4c69d5e872be817c949c538a0

SHA512
d2bedb7a9a8632e3f251617a36566bf6419113b341713187898f4742334952e23576a3a942ec2936cf10d68e61db4faaf50a397ed8cabfe65784a309c91871a5

Download Submit
\Users\Admin\AppData\Local\Temp\e5a314fbd675c3bd8041328357eb6beb.exe

Filesize
704KB

MD5
83c44197c4df42479d1875805b006200

SHA1
c2befa1fec55847f0d11370b029c2ce239065d7c

SHA256
a4228dc5e2eabc58687d6cb9ab406d2596cb5c89988cfcf9ad2a6541c3a5446e

SHA512
dc6fd79eab221e836cff388012e616ddf4863938742bf2142080abf94b6945663976cc708d265d236216a4f9ecca3a42b1f66f36ee2c634a9f5c770b617c3eb1

Download Submit
memory/2348-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2348-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2348-14-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2348-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2348-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2348-31-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2396-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2396-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2396-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2396-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2396-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2396-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download