ea44a976ab5e78910b4a1f62730dfa7bfef7f036a1ecfdef87d38951834a17d3

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 04:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0543abd85d26a6c65e4c31b4d7542403.exe
Size

1.3MB
MD5

0543abd85d26a6c65e4c31b4d7542403
SHA1

cef6905632738a62d2c1d1eeb937c25a49f2f89f
SHA256

ea44a976ab5e78910b4a1f62730dfa7bfef7f036a1ecfdef87d38951834a17d3
SHA512

7de6efc8f65f60c65297fb4aa0c8a8ec69138f755722eb82cdc4eae98a13e545b6c8a09f37de358d78e51544b6d71adba682c5b321ff993b3e49fc6db5e09a79
SSDEEP

24576:md4yIsaGQKu9jlZl/XK1hys/PMIxw2nuGhslBjDL3GMaEl8vG:mdjPQB3RsHMIxwcRs3LhJ

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2876	0543abd85d26a6c65e4c31b4d7542403.exe

Executes dropped EXE 1 IoCs

pid	Process
2876	0543abd85d26a6c65e4c31b4d7542403.exe

Loads dropped DLL 1 IoCs

pid	Process
2960	0543abd85d26a6c65e4c31b4d7542403.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2960-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x00090000000120e1-11.dat	upx
behavioral1/files/0x00090000000120e1-15.dat	upx
behavioral1/files/0x00090000000120e1-13.dat	upx
behavioral1/memory/2876-16-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2960	0543abd85d26a6c65e4c31b4d7542403.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2960	0543abd85d26a6c65e4c31b4d7542403.exe
2876	0543abd85d26a6c65e4c31b4d7542403.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 2876	2960	0543abd85d26a6c65e4c31b4d7542403.exe	28
PID 2960 wrote to memory of 2876	2960	0543abd85d26a6c65e4c31b4d7542403.exe	28
PID 2960 wrote to memory of 2876	2960	0543abd85d26a6c65e4c31b4d7542403.exe	28
PID 2960 wrote to memory of 2876	2960	0543abd85d26a6c65e4c31b4d7542403.exe	28

C:\Users\Admin\AppData\Local\Temp\0543abd85d26a6c65e4c31b4d7542403.exe
"C:\Users\Admin\AppData\Local\Temp\0543abd85d26a6c65e4c31b4d7542403.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Users\Admin\AppData\Local\Temp\0543abd85d26a6c65e4c31b4d7542403.exe
  C:\Users\Admin\AppData\Local\Temp\0543abd85d26a6c65e4c31b4d7542403.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0543abd85d26a6c65e4c31b4d7542403.exe

Filesize
704KB

MD5
f03fca9c9389c06cdcba3bf0b573cc48

SHA1
b41c875baebe8595c7204e5cb4ffe276b7fb9b26

SHA256
7e2d683d6bd6a592842866fb93d70e0e620dacd124e86001acf43c4429803e30

SHA512
f11b0b09606e10f6d70a83a852e7fc0251e9e9d95bb125ce62d57adcef993375c600b5a0ab285c35779a3762c84bd586da360ddf4f2fbe9f0269e9d97d96ecd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\0543abd85d26a6c65e4c31b4d7542403.exe

Filesize
64KB

MD5
f9f7ac66b2aed2bdc33bbb34716e66e9

SHA1
29e0c76d14c9ec30ddd30cd739973874f98d91a5

SHA256
37065505113dd4258f7f2b3997c93dd502a3f8c60b920445dd0c8b379370c575

SHA512
fb9211da69d013812130129f210b0acb5f692c895fce028e14e8903c769715bf7204798f66c76358c2dc80a039d270bc7fb30079fbfe92aab137ab0d525c7e57

Download Submit
\Users\Admin\AppData\Local\Temp\0543abd85d26a6c65e4c31b4d7542403.exe

Filesize
1.2MB

MD5
5fb213bfce742bfbf76f5e93b6dc2116

SHA1
278d2b8b52196af2f0ba868265f7733f2294327f

SHA256
72bd3815586acedc159744cbb00dd669334fd4e5dbcae21f9e8c68376407b44e

SHA512
7a2ce19ac89b50818e69abcec02392cc7f18661004f1b258431d69c72c64835b857f0b8ad74c845efd97b511f6747c0289f7bb062fb4efce2ff654714c695120

Download Submit
memory/2876-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2876-18-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2876-16-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2876-25-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2960-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2960-1-0x0000000000240000-0x0000000000352000-memory.dmp

Filesize
1.1MB

Download
memory/2960-2-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2960-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download