eddc08a1a4249925a7a7751efff216729bfb89e50b9bbed049132ade603e3f75

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 16:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eed094c82d6d963d306478e6a7b0496c.exe
Size

2.7MB
MD5

eed094c82d6d963d306478e6a7b0496c
SHA1

f5e4c485641225b65a7b389ec7c35c1f3d114eeb
SHA256

eddc08a1a4249925a7a7751efff216729bfb89e50b9bbed049132ade603e3f75
SHA512

7e60a55ea33c90b046bcded386228ff9500340e8682c97504e6b9a9f744da8386ac24c69f9c598d457fff303d1750cf4767f7e3d5b58539f246e9ba94a4f99b4
SSDEEP

49152:fAz4hOq/mTXAoL0Abvm1SUA8gByYQjPj/vMEfF7UjXSerjXpswxgDlhYsup:fAz4hOBT7vm1LgBnMPzvMwF7MXSYswHf

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2480	eed094c82d6d963d306478e6a7b0496c.exe

Executes dropped EXE 1 IoCs

pid	Process
2480	eed094c82d6d963d306478e6a7b0496c.exe

Loads dropped DLL 1 IoCs

pid	Process
2928	eed094c82d6d963d306478e6a7b0496c.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2928-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000014227-12.dat	upx
behavioral1/files/0x000b000000014227-13.dat	upx
behavioral1/files/0x000b000000014227-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2928	eed094c82d6d963d306478e6a7b0496c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2928	eed094c82d6d963d306478e6a7b0496c.exe
2480	eed094c82d6d963d306478e6a7b0496c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 2480	2928	eed094c82d6d963d306478e6a7b0496c.exe	28
PID 2928 wrote to memory of 2480	2928	eed094c82d6d963d306478e6a7b0496c.exe	28
PID 2928 wrote to memory of 2480	2928	eed094c82d6d963d306478e6a7b0496c.exe	28
PID 2928 wrote to memory of 2480	2928	eed094c82d6d963d306478e6a7b0496c.exe	28

C:\Users\Admin\AppData\Local\Temp\eed094c82d6d963d306478e6a7b0496c.exe
"C:\Users\Admin\AppData\Local\Temp\eed094c82d6d963d306478e6a7b0496c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Users\Admin\AppData\Local\Temp\eed094c82d6d963d306478e6a7b0496c.exe
  C:\Users\Admin\AppData\Local\Temp\eed094c82d6d963d306478e6a7b0496c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\eed094c82d6d963d306478e6a7b0496c.exe

Filesize
92KB

MD5
4b696702fb10ab29fb9fb16413a1555e

SHA1
759e40c6392c136460732b41ff987a4542b8f154

SHA256
fed92c3fa4349a5838e06f3dddaabdf42094728e464a2d72eb28ae0c6b9ebc3f

SHA512
5f5c11f466ac8dd859b5fad9a373de37cc78b797a8eeda29adc4b90e923e4fe04dcacad301f06daa271b6ab508e42ceb13b13329b445f858205337574c4dce21

Download Submit
\Users\Admin\AppData\Local\Temp\eed094c82d6d963d306478e6a7b0496c.exe

Filesize
382KB

MD5
8fb62f19eac39959527f4b9a92073302

SHA1
5e2a2e4f04083995546f10c6c029aefdf2768996

SHA256
f99dde19ece5d0259dc0a6800128ea10515fd7f5740a17dc3d9367d5f65f278e

SHA512
ea7e43df13b38fb666f9d98dd990d6196fe7c5973e972848a8e7bf1facc73cb87a62f7073b864db61971367a0c35b3a23bfcaa6de05258804c0f1bc0566e52ce

Download Submit
memory/2480-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2480-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2480-25-0x00000000034F0000-0x000000000371A000-memory.dmp

Filesize
2.2MB

Download
memory/2480-16-0x0000000000260000-0x0000000000393000-memory.dmp

Filesize
1.2MB

Download
memory/2480-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2480-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2928-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2928-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2928-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2928-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download