be0f56a020c18fa5c993876262252225bbd3bd6104a254210819ae0274de1de4

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 16:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f94f274e51174e18d5ec230060f14cc5.exe
Size

11.7MB
MD5

f94f274e51174e18d5ec230060f14cc5
SHA1

4ee0c4958d2c734cd604c08010cd98815dce1dbb
SHA256

be0f56a020c18fa5c993876262252225bbd3bd6104a254210819ae0274de1de4
SHA512

fe610de04dc49074d1cbf4a3acdaa2431cecab77cbbfbcb6fa159ef096de69f3594d42e5bc8399de4b2a7114b9771a81fedf9f75d850e12a1adc8a3d036a944c
SSDEEP

196608:tMnXXpG6MWCc0VqyheCWCOFFa2l0WCc0VqyheCWC:tEhMQywCAaU0QywC

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2296	f94f274e51174e18d5ec230060f14cc5.exe

Executes dropped EXE 1 IoCs

pid	Process
2296	f94f274e51174e18d5ec230060f14cc5.exe

Loads dropped DLL 1 IoCs

pid	Process
2372	f94f274e51174e18d5ec230060f14cc5.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2372-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012252-10.dat	upx
behavioral1/memory/2372-15-0x0000000004990000-0x0000000004E7F000-memory.dmp	upx
behavioral1/files/0x0009000000012252-14.dat	upx
behavioral1/memory/2296-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2372	f94f274e51174e18d5ec230060f14cc5.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2372	f94f274e51174e18d5ec230060f14cc5.exe
2296	f94f274e51174e18d5ec230060f14cc5.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 2296	2372	f94f274e51174e18d5ec230060f14cc5.exe	28
PID 2372 wrote to memory of 2296	2372	f94f274e51174e18d5ec230060f14cc5.exe	28
PID 2372 wrote to memory of 2296	2372	f94f274e51174e18d5ec230060f14cc5.exe	28
PID 2372 wrote to memory of 2296	2372	f94f274e51174e18d5ec230060f14cc5.exe	28

C:\Users\Admin\AppData\Local\Temp\f94f274e51174e18d5ec230060f14cc5.exe
"C:\Users\Admin\AppData\Local\Temp\f94f274e51174e18d5ec230060f14cc5.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Users\Admin\AppData\Local\Temp\f94f274e51174e18d5ec230060f14cc5.exe
  C:\Users\Admin\AppData\Local\Temp\f94f274e51174e18d5ec230060f14cc5.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\f94f274e51174e18d5ec230060f14cc5.exe

Filesize
854KB

MD5
bc9e16e5461d3ef373329c8972e1672e

SHA1
795f1f42fc973622561bd99cb7363a77b8c12bb7

SHA256
adbb899212813f302e63ee6635466634a64a603c52caa6d8a5bbfbd835403466

SHA512
ae28c02c44008fe16ccb54bc9e8d1527a3bc3132f449cc322dc686d20b79f83c38f1b04a755b1e7f95306ce57dd4ce336662251528cfc053d2d25aa4ff4001f1

Download Submit
\Users\Admin\AppData\Local\Temp\f94f274e51174e18d5ec230060f14cc5.exe

Filesize
1.4MB

MD5
ae18a5f0b29f681d8a4119c54351dc06

SHA1
37f08530ca5fcadbdc4f8968d8ea21e847480ebf

SHA256
e366c85adcff3cd187380f053ffed16149a0af2847be6b9612e8ce22f145f414

SHA512
7956b23a69a1ab8aef815df517fc218245b17d63fe11c62622164785a566a048cef59d458afe9a725675a134faa526a720ac2c446a7b7336ed02af5fbc4ac1ff

Download Submit
memory/2296-18-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2296-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2296-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2296-25-0x00000000035A0000-0x00000000037CA000-memory.dmp

Filesize
2.2MB

Download
memory/2296-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2296-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2372-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2372-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2372-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2372-15-0x0000000004990000-0x0000000004E7F000-memory.dmp

Filesize
4.9MB

Download
memory/2372-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2372-31-0x0000000004990000-0x0000000004E7F000-memory.dmp

Filesize
4.9MB

Download