0f4a6b1ca20b1846e96d1017796cc4ee26e330eb125648a0e4aeb8dbb5211306

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 16:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

efc5375e36af2d2754df1086dfdbec4b.exe
Size

5.8MB
MD5

efc5375e36af2d2754df1086dfdbec4b
SHA1

906787504dd0e1affa6eff58f843c7af0685153f
SHA256

0f4a6b1ca20b1846e96d1017796cc4ee26e330eb125648a0e4aeb8dbb5211306
SHA512

9b1c4b484f2008dbce6bb9996fd6701445bca7b620b98d6ad4dafaf661d12f7647d7a4f2f53ee8ca60bbc6cbd8474a0f422813f58fdccd53484ed0d0dca6500f
SSDEEP

98304:QKpodZeIjD4E1dcGQZaXhP5a9UEI+eG9jAkbkR79D+cVItGQZaXhP5a9UEI+eG:QMQZPjbSGhRaaCkN9qHGhRa

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2432	efc5375e36af2d2754df1086dfdbec4b.exe

Executes dropped EXE 1 IoCs

pid	Process
2432	efc5375e36af2d2754df1086dfdbec4b.exe

Loads dropped DLL 1 IoCs

pid	Process
1436	efc5375e36af2d2754df1086dfdbec4b.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1436-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000800000001222d-10.dat	upx
behavioral1/files/0x000800000001222d-13.dat	upx
behavioral1/memory/2432-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1436	efc5375e36af2d2754df1086dfdbec4b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1436	efc5375e36af2d2754df1086dfdbec4b.exe
2432	efc5375e36af2d2754df1086dfdbec4b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1436 wrote to memory of 2432	1436	efc5375e36af2d2754df1086dfdbec4b.exe	28
PID 1436 wrote to memory of 2432	1436	efc5375e36af2d2754df1086dfdbec4b.exe	28
PID 1436 wrote to memory of 2432	1436	efc5375e36af2d2754df1086dfdbec4b.exe	28
PID 1436 wrote to memory of 2432	1436	efc5375e36af2d2754df1086dfdbec4b.exe	28

C:\Users\Admin\AppData\Local\Temp\efc5375e36af2d2754df1086dfdbec4b.exe
"C:\Users\Admin\AppData\Local\Temp\efc5375e36af2d2754df1086dfdbec4b.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1436
- C:\Users\Admin\AppData\Local\Temp\efc5375e36af2d2754df1086dfdbec4b.exe
  C:\Users\Admin\AppData\Local\Temp\efc5375e36af2d2754df1086dfdbec4b.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\efc5375e36af2d2754df1086dfdbec4b.exe

Filesize
2.0MB

MD5
f1dc80bdf9d4a11ac631dc3c12ae1200

SHA1
a137a55e08d74559884f71f0a1ff7ea1fbf9e17c

SHA256
df42d9cf98fbee0e3357c61537b078b95b532dc47029add819a862f31adb8614

SHA512
5db2ee8a0258d6dbe1f8506c740fe079aadf77c19a6f75862e798d82967a2a534703f9dd046f554ac59cfadd61267a7148bbdb11185a7965b88408ab4b6adb3d

Download Submit
\Users\Admin\AppData\Local\Temp\efc5375e36af2d2754df1086dfdbec4b.exe

Filesize
1.7MB

MD5
6a3a899ec8d2ea74e1a927b69de0ea11

SHA1
2fd1e02432a4a3bb1310a09039820a6d9c7df84f

SHA256
7f92e6d87ec0f0d26fbedc29960064a04b937fe2fa6aa0edfaf27f4be01bb70d

SHA512
b7af9f1508e9dfa76ba7a1cbcaf04df12e306bda42dd4fa0c942a78bae6faeafb42e9142620396256d1611949e384174a4da7744250feb3b5ddc54cee742ed48

Download Submit
memory/1436-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1436-2-0x00000000002C0000-0x00000000003F3000-memory.dmp

Filesize
1.2MB

Download
memory/1436-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1436-15-0x0000000003F10000-0x00000000043FF000-memory.dmp

Filesize
4.9MB

Download
memory/1436-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1436-30-0x0000000003F10000-0x00000000043FF000-memory.dmp

Filesize
4.9MB

Download
memory/2432-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2432-19-0x00000000002C0000-0x00000000003F3000-memory.dmp

Filesize
1.2MB

Download
memory/2432-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2432-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2432-24-0x0000000003550000-0x000000000377A000-memory.dmp

Filesize
2.2MB

Download
memory/2432-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download