655e1dfd1971496d443f0f27d125332a0c6c9c92a24b1d78f9b41d08c469c29e

Analysis

max time kernel
122s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 22:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

414f2f01869a018ccab15567cf90c342.exe
Size

5.8MB
MD5

414f2f01869a018ccab15567cf90c342
SHA1

5cec551f09ea09d03b727be7d7d12e7e201565c3
SHA256

655e1dfd1971496d443f0f27d125332a0c6c9c92a24b1d78f9b41d08c469c29e
SHA512

f2ba4f58fe5e869fc6c12efb8f6c8b122a90fad567e784966f8e736b3a5eaa5e33130ae0b96564f1b09e481c46f0772ee2cc1b0ff97620aa5d2fe33829da7246
SSDEEP

98304:vAiVoYp0VGQZaXhP5a9UEI+eG9jAkbkR79D+cVItGQZaXhP5a9UEI+eG:vAiiXnGhRaaCkN9qHGhRa

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2680	414f2f01869a018ccab15567cf90c342.exe

Executes dropped EXE 1 IoCs

pid	Process
2680	414f2f01869a018ccab15567cf90c342.exe

Loads dropped DLL 1 IoCs

pid	Process
2336	414f2f01869a018ccab15567cf90c342.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2336-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012185-14.dat	upx
behavioral1/files/0x000b000000012185-10.dat	upx
behavioral1/memory/2680-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2336	414f2f01869a018ccab15567cf90c342.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2336	414f2f01869a018ccab15567cf90c342.exe
2680	414f2f01869a018ccab15567cf90c342.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 2680	2336	414f2f01869a018ccab15567cf90c342.exe	28
PID 2336 wrote to memory of 2680	2336	414f2f01869a018ccab15567cf90c342.exe	28
PID 2336 wrote to memory of 2680	2336	414f2f01869a018ccab15567cf90c342.exe	28
PID 2336 wrote to memory of 2680	2336	414f2f01869a018ccab15567cf90c342.exe	28

C:\Users\Admin\AppData\Local\Temp\414f2f01869a018ccab15567cf90c342.exe
"C:\Users\Admin\AppData\Local\Temp\414f2f01869a018ccab15567cf90c342.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Users\Admin\AppData\Local\Temp\414f2f01869a018ccab15567cf90c342.exe
  C:\Users\Admin\AppData\Local\Temp\414f2f01869a018ccab15567cf90c342.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\414f2f01869a018ccab15567cf90c342.exe

Filesize
4.4MB

MD5
5a6ec7c967299e5353c4940443f2d6f9

SHA1
add0522943b6bf2a33f926f3440194d4461b67a2

SHA256
e266cbe51aaf3ba59158ab071e2f88154ce7a7da82b1536a8e4517ae6b9efc55

SHA512
29733233cbc6b4b89f670e092d1cbb998c71a65eece5bbc2f01630a082e5e242ebe27e338bc5b72a188e27211af8c38f43c196ca4852743a82a5723e4ca15925

Download Submit
\Users\Admin\AppData\Local\Temp\414f2f01869a018ccab15567cf90c342.exe

Filesize
5.8MB

MD5
b339223164e005e850b4dce866fe91f8

SHA1
db8b87351a709d0cbb5eac2face897bac1c9f730

SHA256
24df4e92c58bd0cdc0b6d7a184917303589784f3c64ab5d818f3dd18d0a3cff9

SHA512
f1a2af6d7cb1479c6032a4e67752820e7e76d93364d23efc4d897efb93bb15600f6aa6404c13112a00866758029895ee1cadf1a0b4960c7637f29b38197d3313

Download Submit
memory/2336-15-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/2336-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2336-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2336-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2336-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2336-31-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/2680-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2680-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2680-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2680-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2680-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2680-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download