edbc46bfc1d030ab03571c9281cdbd2a701adc08dfdbbe8305ba5f77cec5ef92

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 12:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ea333d6b2df1610797752f002eb26c4.exe
Size

1.5MB
MD5

1ea333d6b2df1610797752f002eb26c4
SHA1

30420a1e5d274d324beb8c7da85eacce1990191a
SHA256

edbc46bfc1d030ab03571c9281cdbd2a701adc08dfdbbe8305ba5f77cec5ef92
SHA512

94b9500915ae536836d4877f30099ce64f25db9afbc7537f06f19ad87dff18c5f58855199c0f2d40d37a5072d1dab0dd9b3a476df9649412eee5686d8ca47ef8
SSDEEP

24576:NyA0bfbDgXjhpFkVoRVCdtcUIQAt4OgB7MBE1K/gpgyDlKtBW:vwD2YaRVCdtfIQg4Oe7MBvgpgei

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3008	1ea333d6b2df1610797752f002eb26c4.exe

Executes dropped EXE 1 IoCs

pid	Process
3008	1ea333d6b2df1610797752f002eb26c4.exe

Loads dropped DLL 1 IoCs

pid	Process
2980	1ea333d6b2df1610797752f002eb26c4.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2980-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c0000000122c4-13.dat	upx
behavioral1/files/0x000c0000000122c4-12.dat	upx
behavioral1/files/0x000c0000000122c4-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2980	1ea333d6b2df1610797752f002eb26c4.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2980	1ea333d6b2df1610797752f002eb26c4.exe
3008	1ea333d6b2df1610797752f002eb26c4.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 3008	2980	1ea333d6b2df1610797752f002eb26c4.exe	28
PID 2980 wrote to memory of 3008	2980	1ea333d6b2df1610797752f002eb26c4.exe	28
PID 2980 wrote to memory of 3008	2980	1ea333d6b2df1610797752f002eb26c4.exe	28
PID 2980 wrote to memory of 3008	2980	1ea333d6b2df1610797752f002eb26c4.exe	28

C:\Users\Admin\AppData\Local\Temp\1ea333d6b2df1610797752f002eb26c4.exe
"C:\Users\Admin\AppData\Local\Temp\1ea333d6b2df1610797752f002eb26c4.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Users\Admin\AppData\Local\Temp\1ea333d6b2df1610797752f002eb26c4.exe
  C:\Users\Admin\AppData\Local\Temp\1ea333d6b2df1610797752f002eb26c4.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1ea333d6b2df1610797752f002eb26c4.exe

Filesize
894KB

MD5
3c6c957b6fa4802c4c28e8cb34cd4e5c

SHA1
59e98ccba8e1331431e2a0432280575138a66c90

SHA256
aa97442133180855d1c0cdbcae83f50e476f5c3f289f80c03a4ed456c57637a9

SHA512
5a1960d5643121456afa41aaffbb8a278945b00762fabcc6cd942c2b01a9cf5894b71158c17dcadf1070896de96eb28abef27a54a615d770e159af9a0f1041fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\1ea333d6b2df1610797752f002eb26c4.exe

Filesize
382KB

MD5
a57b15389136a1af814276f81b255c24

SHA1
cb46bb3bc2f1bad08745b3b19f4ac8e7f0e8f119

SHA256
8664589b099fdaa33d8acc4aa3d67c2cfe6764dad1926fb5c877bd1fee359883

SHA512
fd20ae461c17434167918a19dd1042a08a6c96b803b7abc0d1383d70396dee9c41b9cb5960934f09f8a722ad1af907eafbb93d34371ec42d78af8013ba148f1d

Download Submit
\Users\Admin\AppData\Local\Temp\1ea333d6b2df1610797752f002eb26c4.exe

Filesize
1.3MB

MD5
7137bec601ff3b26801b46d049fa9471

SHA1
c54cb70790da1028f0270ddace0db60cdb9aeec9

SHA256
09245252a5fa0714035cc1b139210ea7850b0f66e8a2059a1ab3bd7920c51cee

SHA512
1c69e0d49830604d8deba925cc9a972461b201a091f3326304d3aee729e2282f12e50a2d4da3250a32f04bf43a231e798aea3f271782e53070b8f8e07d567209

Download Submit
memory/2980-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2980-2-0x0000000000260000-0x0000000000393000-memory.dmp

Filesize
1.2MB

Download
memory/2980-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2980-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3008-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3008-19-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3008-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/3008-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3008-17-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/3008-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download