c048541bc9b490e97d68b40e4f5c7e7b3d14213875b05ee397cdf767beb49ba5

Analysis

max time kernel
122s
max time network
149s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 16:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ec2cd68c39b0f801d3d4567410735720.exe
Size

1.3MB
MD5

ec2cd68c39b0f801d3d4567410735720
SHA1

f6d452e3df0a70bdbd85e082d32a0b6b6fbf10c1
SHA256

c048541bc9b490e97d68b40e4f5c7e7b3d14213875b05ee397cdf767beb49ba5
SHA512

0e8daa92b63446210d75323d4db823198f631ab35a6452dfa38abe5dee2bce11f3cd63c76bcaa331d19ea3269ba3288955e981bbcf7f1648a2f32258249b01bd
SSDEEP

24576:K4hJ0gAeWkpQG2WwvE0T3p+DRFN41o5iWq7wTLh2AxSvuxNa2fU9/9Us:K4hJ0g/jj2WeE43ps80dqJAcvXR9j

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2276	ec2cd68c39b0f801d3d4567410735720.exe

Executes dropped EXE 1 IoCs

pid	Process
2276	ec2cd68c39b0f801d3d4567410735720.exe

Loads dropped DLL 1 IoCs

pid	Process
1348	ec2cd68c39b0f801d3d4567410735720.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1348-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x0008000000012284-10.dat	upx
behavioral1/files/0x0008000000012284-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1348	ec2cd68c39b0f801d3d4567410735720.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1348	ec2cd68c39b0f801d3d4567410735720.exe
2276	ec2cd68c39b0f801d3d4567410735720.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 2276	1348	ec2cd68c39b0f801d3d4567410735720.exe	27
PID 1348 wrote to memory of 2276	1348	ec2cd68c39b0f801d3d4567410735720.exe	27
PID 1348 wrote to memory of 2276	1348	ec2cd68c39b0f801d3d4567410735720.exe	27
PID 1348 wrote to memory of 2276	1348	ec2cd68c39b0f801d3d4567410735720.exe	27

C:\Users\Admin\AppData\Local\Temp\ec2cd68c39b0f801d3d4567410735720.exe
"C:\Users\Admin\AppData\Local\Temp\ec2cd68c39b0f801d3d4567410735720.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Users\Admin\AppData\Local\Temp\ec2cd68c39b0f801d3d4567410735720.exe
  C:\Users\Admin\AppData\Local\Temp\ec2cd68c39b0f801d3d4567410735720.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ec2cd68c39b0f801d3d4567410735720.exe

Filesize
570KB

MD5
9d83c1316421f686b01b1b43ac25363a

SHA1
dcac7b2ff15d37cb5227f0889d9b3d57b8ed55fc

SHA256
3a22107ffd132b6c912e994b45cb2a6ec5c949a99ccf49720daaf13700db2a00

SHA512
a46eeca4db54462379d0a2737aa5c63b4347621c69f30689cce265a6c4fd2c0af34231a7780be0fe4df418658a6bd9d571a3f3e0c7decf139820695a90aa6abf

Download Submit
\Users\Admin\AppData\Local\Temp\ec2cd68c39b0f801d3d4567410735720.exe

Filesize
45KB

MD5
a06380d4111b78ef505f69444bb5fe8f

SHA1
1e61901f38aa34b1a6d4ee6444043ad371c59895

SHA256
8ef8f170fc69c5dd345717b919b26673a0b85782a25477313a03e8aa5c9c670c

SHA512
555c2f2507f5f907af96a7285fe87341f8d439d12216e1ad3d03e6164a473fb586cc3d29eb920a613f6b1f622453a6eaba439a844d320e44cba2231440a3b0d5

Download Submit
memory/1348-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1348-2-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/1348-15-0x00000000034C0000-0x00000000039A7000-memory.dmp

Filesize
4.9MB

Download
memory/1348-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1348-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1348-31-0x00000000034C0000-0x00000000039A7000-memory.dmp

Filesize
4.9MB

Download
memory/2276-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2276-18-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2276-20-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/2276-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2276-24-0x0000000003570000-0x0000000003792000-memory.dmp

Filesize
2.1MB

Download
memory/2276-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download