a1e042e1da21e6b2b8a762fcb5d724c72d7252b22662fbef5983f3f1e90667f6

Analysis

max time kernel
2s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 22:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

151ed60a6684433adc5431d433fc5f23.exe
Size

1.1MB
MD5

151ed60a6684433adc5431d433fc5f23
SHA1

1db037a12aeeedd1f90fb9c279de885a063a4406
SHA256

a1e042e1da21e6b2b8a762fcb5d724c72d7252b22662fbef5983f3f1e90667f6
SHA512

fa734800c3a2430c32dcb55422fa9c4b4db3e0e6ef45abeffc163b7ace39eff6ba79768be8fe5041fcb492fd7bea7c68a8fcea06a355b8d00e917cc9a9dddbce
SSDEEP

24576:5BgCkVrizucYSpcaaWVgqSzLXdMS04R2AFeZiTcrgM86xc3FX7RWz:5BBFzBcWGqSzLf04R6i4kM8ccxR

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2032	setup.exe

Loads dropped DLL 1 IoCs

pid	Process
2212	151ed60a6684433adc5431d433fc5f23.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2212-0-0x00000000003F0000-0x0000000000642000-memory.dmp	upx
behavioral1/files/0x000a0000000144eb-8.dat	upx
behavioral1/memory/2032-9-0x0000000000380000-0x00000000005D2000-memory.dmp	upx
behavioral1/memory/2212-7-0x00000000003F0000-0x0000000000642000-memory.dmp	upx
behavioral1/files/0x000a0000000144eb-6.dat	upx
behavioral1/memory/2212-4-0x0000000002920000-0x0000000002B72000-memory.dmp	upx
behavioral1/files/0x000a0000000144eb-2.dat	upx
behavioral1/memory/2032-29-0x0000000000380000-0x00000000005D2000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
2212	151ed60a6684433adc5431d433fc5f23.exe
2212	151ed60a6684433adc5431d433fc5f23.exe
2032	setup.exe
2032	setup.exe
2032	setup.exe
2032	setup.exe
2032	setup.exe
2032	setup.exe
2032	setup.exe
2032	setup.exe
2032	setup.exe
2032	setup.exe
2032	setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2032	2212	151ed60a6684433adc5431d433fc5f23.exe	15
PID 2212 wrote to memory of 2032	2212	151ed60a6684433adc5431d433fc5f23.exe	15
PID 2212 wrote to memory of 2032	2212	151ed60a6684433adc5431d433fc5f23.exe	15
PID 2212 wrote to memory of 2032	2212	151ed60a6684433adc5431d433fc5f23.exe	15
PID 2212 wrote to memory of 2032	2212	151ed60a6684433adc5431d433fc5f23.exe	15
PID 2212 wrote to memory of 2032	2212	151ed60a6684433adc5431d433fc5f23.exe	15
PID 2212 wrote to memory of 2032	2212	151ed60a6684433adc5431d433fc5f23.exe	15

C:\Users\Admin\AppData\Local\Temp\setup.exe
C:\Users\Admin\AppData\Local\Temp\setup.exe relaunch
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\151ed60a6684433adc5431d433fc5f23.exe
"C:\Users\Admin\AppData\Local\Temp\151ed60a6684433adc5431d433fc5f23.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1GtWvr4RQC\intro_page.html

Filesize
12KB

MD5
6eb05dd8dac412dde3c7c4c77fa795c2

SHA1
4a394aed261ac257c6def15e3b199bbdef869c4d

SHA256
14bac8532e27adf9f8a0645e953b6dbddbeffe0836de6ee53bedb4d6c3a8799e

SHA512
558e994205bd1a96c74d116e79f474b6ffd44f29545276fa122275d4c6c0bc24706e842ea6ebe729fcfd44a9fe5c01a3984dc75d94fddde8678520605395fc50

Download Submit
C:\Users\Admin\AppData\Local\Temp\setup.exe

Filesize
684B

MD5
8ec68649920e8617c7165a44439dd95b

SHA1
5436741d995814b9927cba7ed0c5a5862f4922a2

SHA256
9e767c3a67245003101e10386d194c1f47e35c3691e608212b65f60f64b29bb8

SHA512
679993296a398de40282499182b549fbe0f7088ce127bae9064e8af5ab59ed59f294590c5a817ea7f4509070ecffe1f4fcae447c7c34b47de97b6455e325507e

Download Submit
C:\Users\Admin\AppData\Local\Temp\setup.exe

Filesize
34KB

MD5
328731cee0d7b28fc1ed4348f75379be

SHA1
ff47b86b78916fa76bdc83e5c893a3c982aaca24

SHA256
c951bd3b1693c524427e1ed3b59b6bc25195f7bc4a23b113cc5fe724e3a067b9

SHA512
e3e77098d0c0ca1f34605b02ffe018da21e8ea6469a2c8ca24fecdb8b44cbea26ccba1c21a72e8fa0b9c6f14c8858b40e44579678990f28a7a39752df53ea523

Download Submit
\Users\Admin\AppData\Local\Temp\setup.exe

Filesize
12KB

MD5
b5594a8108d6e878dc44ed7d70efdd7b

SHA1
ba938949fd7d3a6546c3acb20c940f2bba6da8af

SHA256
8aecc2553d92c5f7abf0dfd0fb540c9a2615f9aac687f37adbdf3aac10192587

SHA512
183a24629b9c70cf6bd67f8af75c9dc435e0d8c25611499c4cc99c220006a90a31d9e534b5643e6f19230fc725f2b27f72deada52443dd63eb99a94a65d9e9ac

Download Submit
memory/2032-9-0x0000000000380000-0x00000000005D2000-memory.dmp

Filesize
2.3MB

Download
memory/2032-29-0x0000000000380000-0x00000000005D2000-memory.dmp

Filesize
2.3MB

Download
memory/2212-0-0x00000000003F0000-0x0000000000642000-memory.dmp

Filesize
2.3MB

Download
memory/2212-7-0x00000000003F0000-0x0000000000642000-memory.dmp

Filesize
2.3MB

Download
memory/2212-4-0x0000000002920000-0x0000000002B72000-memory.dmp

Filesize
2.3MB

Download
memory/2212-31-0x0000000002920000-0x0000000002B72000-memory.dmp

Filesize
2.3MB

Download