07727a4901e215a51b5f5fa2176e52ef34bd0103e4540d3f5311627cdd4728de

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 16:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2b59c41ce1b956b7ff0a82262462e953.exe
Size

353KB
MD5

2b59c41ce1b956b7ff0a82262462e953
SHA1

93426c98ccf4c46c94b3160d5ee3bb6e0188eb56
SHA256

07727a4901e215a51b5f5fa2176e52ef34bd0103e4540d3f5311627cdd4728de
SHA512

4d6bd32f719a28212a98b4fefd04ede7fbfa4a4eec2fb017f3e710bb6e0041886f988532eda0981f0c900e897655749a22f423f5222a8f298bb87acb1f26c94e
SSDEEP

6144:aL40heF3k22PTqLqvmbbQh19nSXKPYdxfsLPrPwo+:OA0uCmQh1bPYTfmE

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2664	2b59c41ce1b956b7ff0a82262462e953.exe

Executes dropped EXE 1 IoCs

pid	Process
2664	2b59c41ce1b956b7ff0a82262462e953.exe

Loads dropped DLL 1 IoCs

pid	Process
2600	2b59c41ce1b956b7ff0a82262462e953.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2600-0-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral1/files/0x0008000000012262-16.dat	upx
behavioral1/memory/2664-17-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral1/memory/2600-15-0x0000000002D30000-0x0000000002E21000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2600	2b59c41ce1b956b7ff0a82262462e953.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2600	2b59c41ce1b956b7ff0a82262462e953.exe
2664	2b59c41ce1b956b7ff0a82262462e953.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 2664	2600	2b59c41ce1b956b7ff0a82262462e953.exe	29
PID 2600 wrote to memory of 2664	2600	2b59c41ce1b956b7ff0a82262462e953.exe	29
PID 2600 wrote to memory of 2664	2600	2b59c41ce1b956b7ff0a82262462e953.exe	29
PID 2600 wrote to memory of 2664	2600	2b59c41ce1b956b7ff0a82262462e953.exe	29

C:\Users\Admin\AppData\Local\Temp\2b59c41ce1b956b7ff0a82262462e953.exe
"C:\Users\Admin\AppData\Local\Temp\2b59c41ce1b956b7ff0a82262462e953.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Users\Admin\AppData\Local\Temp\2b59c41ce1b956b7ff0a82262462e953.exe
  C:\Users\Admin\AppData\Local\Temp\2b59c41ce1b956b7ff0a82262462e953.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2b59c41ce1b956b7ff0a82262462e953.exe

Filesize
353KB

MD5
bd3eac93930ae8fcd9fcfb9207dc3f66

SHA1
3f9703faf7bd7d882f6a03cba693eb9b6fe35151

SHA256
f1d88c483c8a6fda37489c8f0e9c1e5720bf0e2eec2b50364c31bea4b6483afd

SHA512
90680da351163b24aa7cb876fa9877fa8141352308e9f2e099403402c510975093b732e5b1bb0657bd4d78264abd92a96576a6b2dffd0eddb5e1e68f190deae0

Download Submit
memory/2600-15-0x0000000002D30000-0x0000000002E21000-memory.dmp

Filesize
964KB

Download
memory/2600-1-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2600-2-0x0000000000220000-0x0000000000253000-memory.dmp

Filesize
204KB

Download
memory/2600-0-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2600-14-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2600-31-0x0000000002D30000-0x0000000002E21000-memory.dmp

Filesize
964KB

Download
memory/2664-17-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2664-18-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2664-19-0x0000000000310000-0x0000000000343000-memory.dmp

Filesize
204KB

Download
memory/2664-24-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2664-30-0x0000000000390000-0x00000000003E0000-memory.dmp

Filesize
320KB

Download
memory/2664-32-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download