Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-12-2023 09:15

General

  • Target

    62e4a125d91338d7fe346ef6d3eb5886.exe

  • Size

    2.6MB

  • MD5

    62e4a125d91338d7fe346ef6d3eb5886

  • SHA1

    72121c35e4824ea1c4866b72aa0116bd170d3763

  • SHA256

    8663179e1da8ce0d590efd025a995a0ddeeab099518e923306a28abb4ccdbbcb

  • SHA512

    3d17df54fbd2c236d993271a61dc04f946b50f8f5b901a9a22ee87434b58633cef4c77872fdac347f4e30635a3267b8e8cf167644ba8eca319a5193cebb66396

  • SSDEEP

    49152:Js+4lPMwPnpEKUsQrt7WDeuD45Tlo99kl++TIS3Ray3:JYPMdtlPZR3

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself (1 IoC)
  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified build of the UPX open-source packer.

  • Modifies system certificate store (2 TTPs, 4 IoCs)
  • Suspicious behavior: RenamesItself (1 IoC)
  • Suspicious use of UnmapMainImage (2 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)
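The two static facts this report asserts about the file (the "UPX packed file" verdict and the hash set under Downloads) are cheap to re-derive offline before anything is run. The helper below is an added example written for this page, not sandbox code and not part of the sample: it walks the PE section table for UPX section names, checks for the `UPX!` packer-header magic, and computes the same four digests the report lists so they can be diffed against it. The PE bytes it builds are a constructed minimal PE32 (hypothetical), not the real 62e4a125d91338d7fe346ef6d3eb5886.exe; the `REPORTED_DROP_98KB` values are copied from the Downloads section.

```python
# Added triage helper; not part of the sandbox report or of the sample.
# Re-derives the UPX verdict (section table / 'UPX!' magic) and the hash set
# the report lists. The PE below is a constructed minimal PE32, not the sample.
import hashlib
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}

# Digests the report lists for the 98KB dropped copy (copied from the page).
REPORTED_DROP_98KB = {
    "md5": "7a7fcf73001873057b5b691c617c3d92",
    "sha1": "867f6892669cf3f35fae9770a4686ef3fcb17c5c",
    "sha256": "f58474c92257eef7b73a0f41f7a96e950338a545d11eaf4bd541c3215364d6b0",
}


def pe_sections(data: bytes) -> list:
    """Walk the PE section table; return [(name, virtual_size, raw_size), ...]."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                          # first section header
    sections = []
    for i in range(num_sections):
        off = table + i * 40                              # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0")
        vsize, _vaddr, rsize = struct.unpack_from("<III", data, off + 8)
        sections.append((name, vsize, rsize))
    return sections


def upx_indicators(data: bytes) -> dict:
    """Static UPX heuristics, roughly what a 'UPX packed file' signature keys on:
    UPX section names, the 'UPX!' packer-header magic, and a first section with
    no raw data but a non-zero virtual size (the in-memory unpack destination)."""
    sections = pe_sections(data)
    names = [s[0] for s in sections]
    first = sections[0] if sections else (b"", 0, 0)
    return {
        "upx_section_names": any(n in UPX_SECTION_NAMES for n in names),
        "upx_magic": b"UPX!" in data,
        "empty_first_section": first[2] == 0 and first[1] > 0,
    }


def looks_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    return ind["upx_section_names"] or ind["upx_magic"]


def file_hashes(data: bytes) -> dict:
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def hash_mismatches(data: bytes, reported: dict) -> list:
    """Algorithms whose computed digest differs from what the report lists."""
    got = file_hashes(data)
    return [alg for alg, want in reported.items() if got[alg] != want.lower()]


def build_min_pe(section_names, opt_size=0xE0) -> bytes:
    """Constructed minimal PE32 carrying the given section names (no code)."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = b"\x0b\x01" + b"\0" * (opt_size - 2)            # PE32 magic, rest zeroed
    table = b""
    for i, name in enumerate(section_names):
        raw = 0 if (i == 0 and name.startswith(b"UPX")) else 0x200  # UPX0: no raw data
        table += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", 0x1000, 0x1000 * (i + 1), raw, 0x400, 0, 0, 0, 0, 0x60000020)
    return bytes(dos) + b"PE\0\0" + coff + opt + table


# Constructed samples: one mimicking a UPX layout, one with ordinary sections.
UPX_SAMPLE = build_min_pe([b"UPX0", b"UPX1", b".rsrc"]) + b"UPX!"
CLEAN_SAMPLE = build_min_pe([b".text", b".rdata", b".data"])

if __name__ == "__main__":
    for label, blob in (("upx-like", UPX_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, upx_indicators(blob), file_hashes(blob)["sha256"][:16])
    # Against the real dropped file this list is empty when the hashes agree.
    print("mismatches vs report:", hash_mismatches(UPX_SAMPLE, REPORTED_DROP_98KB))
```

Run `hash_mismatches(open(path, "rb").read(), REPORTED_DROP_98KB)` on the file you actually pulled from the sandbox; a non-empty list means you are not holding the artifact the report describes. The section-name check is a heuristic only: a modified UPX build can rename sections, which is why the `UPX!` magic and the empty-first-section shape are checked as well.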

Processes

  • C:\Users\Admin\AppData\Local\Temp\62e4a125d91338d7fe346ef6d3eb5886.exe
    "C:\Users\Admin\AppData\Local\Temp\62e4a125d91338d7fe346ef6d3eb5886.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1680
    • C:\Users\Admin\AppData\Local\Temp\62e4a125d91338d7fe346ef6d3eb5886.exe
      C:\Users\Admin\AppData\Local\Temp\62e4a125d91338d7fe346ef6d3eb5886.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Modifies system certificate store
      • Suspicious use of UnmapMainImage
      PID:2284
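The tree above is the part worth turning into a rule: PID 1680 spawns a child at the very same %TEMP% path, the child is tagged "Executes dropped EXE" (the Downloads section lists files at that path whose hashes differ from the 2.6MB submission), and the child then deletes itself. The detection sketch below is an added example written for this page, not sandbox or vendor code. It runs over constructed process and file events that mirror the report's PIDs, path and MD5s; the event field names are a simplified stand-in for a Sysmon-style telemetry schema, the parent PID 1234 and the benign-control hashes are hypothetical placeholders, and the scoring thresholds are an assumption.

```python
# Added detection sketch; not part of the sandbox report. Flags a process that
# re-executes its own image path, weighted by: image hash changed between
# parent and child, image lives under %TEMP%, child deletes the image.
# Events below are constructed to mirror the report; schema is simplified.

TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE = TEMP + r"\62e4a125d91338d7fe346ef6d3eb5886.exe"

EVENTS = [  # constructed, time-ordered; ppid 1234 and the a/b/c hashes are placeholders
    {"ts": 1, "type": "ProcessCreate", "pid": 1680, "ppid": 1234,
     "image": SAMPLE, "md5": "62e4a125d91338d7fe346ef6d3eb5886"},
    {"ts": 2, "type": "FileCreate", "pid": 1680, "target": SAMPLE,      # file rewritten
     "md5": "7a7fcf73001873057b5b691c617c3d92"},
    {"ts": 3, "type": "ProcessCreate", "pid": 2284, "ppid": 1680,
     "image": SAMPLE, "md5": "7a7fcf73001873057b5b691c617c3d92"},
    {"ts": 4, "type": "FileDelete", "pid": 2284, "target": SAMPLE},     # "Deletes itself"
    # benign control 1: ordinary parent/child with different images
    {"ts": 5, "type": "ProcessCreate", "pid": 3000, "ppid": 1234,
     "image": r"C:\Windows\explorer.exe", "md5": "a" * 32},
    {"ts": 6, "type": "ProcessCreate", "pid": 3100, "ppid": 3000,
     "image": r"C:\Windows\System32\notepad.exe", "md5": "b" * 32},
    # benign control 2: an installed program relaunching itself unchanged
    {"ts": 7, "type": "ProcessCreate", "pid": 4000, "ppid": 1234,
     "image": r"C:\Program Files\Vendor\updater.exe", "md5": "c" * 32},
    {"ts": 8, "type": "ProcessCreate", "pid": 4100, "ppid": 4000,
     "image": r"C:\Program Files\Vendor\updater.exe", "md5": "c" * 32},
]


def norm(path: str) -> str:
    return path.lower()


def find_self_reexec(events: list) -> list:
    """One finding per ProcessCreate whose parent runs the same image path.
    Tracks whether the on-disk hash changed between parent and child and
    whether the child later deleted its own image, then scores 0..3."""
    procs = {}          # pid -> its ProcessCreate event
    findings = []
    for ev in events:
        if ev["type"] == "ProcessCreate":
            procs[ev["pid"]] = ev
            parent = procs.get(ev["ppid"])
            if parent and norm(parent["image"]) == norm(ev["image"]):
                findings.append({
                    "child_pid": ev["pid"], "parent_pid": parent["pid"],
                    "image": ev["image"],
                    "hash_changed": parent["md5"] != ev["md5"],
                    "in_temp": "\\appdata\\local\\temp\\" in norm(ev["image"]),
                    "self_delete": False,
                })
        elif ev["type"] == "FileDelete":
            for f in findings:
                if f["child_pid"] == ev["pid"] and norm(f["image"]) == norm(ev["target"]):
                    f["self_delete"] = True
    for f in findings:
        f["score"] = sum((f["hash_changed"], f["in_temp"], f["self_delete"]))
    return findings


def alerts(events: list, min_score: int = 2) -> list:
    """Findings worth paging on; the threshold is an assumption, tune to your fleet."""
    return [f for f in find_self_reexec(events) if f["score"] >= min_score]


if __name__ == "__main__":
    for f in find_self_reexec(EVENTS):
        print(f)
    print("alerts:", [f["child_pid"] for f in alerts(EVENTS)])
```

The self-relaunch of `updater.exe` still produces a finding, but scores 0 because nothing about it matches the report's shape; the 1680 -> 2284 chain scores 3. The rule deliberately keys on the same-path relaunch rather than on the WriteProcessMemory/UnmapMainImage API calls listed for PID 1680, since those are only visible with API-level tracing, whereas process-creation and file-delete events are standard EDR telemetry.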

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\62e4a125d91338d7fe346ef6d3eb5886.exe

    Filesize

    98KB

    MD5

    7a7fcf73001873057b5b691c617c3d92

    SHA1

    867f6892669cf3f35fae9770a4686ef3fcb17c5c

    SHA256

    f58474c92257eef7b73a0f41f7a96e950338a545d11eaf4bd541c3215364d6b0

    SHA512

    a2d5af311d4a723a46a0cc23eb7f7cd77f4d0b87d1c1b316054e874b42f0da9aff8aca94d55093b72388626a397aa4e52d0670d102911df7270c526b0aee6b2a

  • \Users\Admin\AppData\Local\Temp\62e4a125d91338d7fe346ef6d3eb5886.exe

    Filesize

    92KB

    MD5

    dfffbd1f713fe9ac7b3ba920d8401cd4

    SHA1

    ca079274a6ab86e2ae44719fed67f1bffc2c6261

    SHA256

    7d85364134ab064aa6ed770643210ccf785c08ad69e4b000d437150f3ffae940

    SHA512

    0a11d3b12fbb004aaf77d46147050cb2b52ac3f68a39b3fbc9a0c75ca239c81b739af6b381e9b60a5cfe6cc29fa06ba73c6c945774cfc122915e2a0a66f3b749

  • memory/1680-1-0x0000000000400000-0x0000000000D9E000-memory.dmp

    Filesize

    9.6MB

  • memory/1680-0-0x0000000000400000-0x0000000000605000-memory.dmp

    Filesize

    2.0MB

  • memory/1680-3-0x00000000021C0000-0x000000000241A000-memory.dmp

    Filesize

    2.4MB

  • memory/1680-15-0x0000000000400000-0x0000000000605000-memory.dmp

    Filesize

    2.0MB

  • memory/1680-16-0x0000000003820000-0x00000000041BE000-memory.dmp

    Filesize

    9.6MB

  • memory/1680-34-0x0000000003820000-0x00000000041BE000-memory.dmp

    Filesize

    9.6MB

  • memory/2284-20-0x00000000021D0000-0x000000000242A000-memory.dmp

    Filesize

    2.4MB

  • memory/2284-18-0x0000000000400000-0x0000000000D9E000-memory.dmp

    Filesize

    9.6MB

  • memory/2284-35-0x0000000000400000-0x0000000000D9E000-memory.dmp

    Filesize

    9.6MB