a51eab26f0bd93a51a21d68b1933a5d8b19c4bb7018cc3275ad81604158439dd

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 10:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68ac84e26e2ea808911df1afc44af49d.exe
Size

2.9MB
MD5

68ac84e26e2ea808911df1afc44af49d
SHA1

b3eec98ecd9f6d3757d42bd4b34e937fead090c3
SHA256

a51eab26f0bd93a51a21d68b1933a5d8b19c4bb7018cc3275ad81604158439dd
SHA512

68795da6ef32df14aef6c9308499358e5c1f43ac05fd4bfc8831698c25bcebcb0ba29a32bf33e3d1ee9f92c076a0a2de4e6e3506702718873c4cc5bc969cd595
SSDEEP

49152:xCdWl+v0ZEqbj+HgEyYXjFMCXfP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:xCym0ZDj+qwjnXfgg3gnl/IVUs1jePs

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1888	68ac84e26e2ea808911df1afc44af49d.exe

Executes dropped EXE 1 IoCs

pid	Process
1888	68ac84e26e2ea808911df1afc44af49d.exe

Loads dropped DLL 1 IoCs

pid	Process
2292	68ac84e26e2ea808911df1afc44af49d.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2292-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000012262-10.dat	upx
behavioral1/files/0x000a000000012262-14.dat	upx
behavioral1/memory/2292-15-0x0000000003910000-0x0000000003DFF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2292	68ac84e26e2ea808911df1afc44af49d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2292	68ac84e26e2ea808911df1afc44af49d.exe
1888	68ac84e26e2ea808911df1afc44af49d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 1888	2292	68ac84e26e2ea808911df1afc44af49d.exe	28
PID 2292 wrote to memory of 1888	2292	68ac84e26e2ea808911df1afc44af49d.exe	28
PID 2292 wrote to memory of 1888	2292	68ac84e26e2ea808911df1afc44af49d.exe	28
PID 2292 wrote to memory of 1888	2292	68ac84e26e2ea808911df1afc44af49d.exe	28

C:\Users\Admin\AppData\Local\Temp\68ac84e26e2ea808911df1afc44af49d.exe
"C:\Users\Admin\AppData\Local\Temp\68ac84e26e2ea808911df1afc44af49d.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Users\Admin\AppData\Local\Temp\68ac84e26e2ea808911df1afc44af49d.exe
  C:\Users\Admin\AppData\Local\Temp\68ac84e26e2ea808911df1afc44af49d.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\68ac84e26e2ea808911df1afc44af49d.exe

Filesize
381KB

MD5
f7d723af1fb08d7d3aa2c2dca24b3bf0

SHA1
05c6202f56cb0a3385cefa3613923d4525c500b8

SHA256
e6c734c5a6545d5903db51ecf59ed94b8b1b30fe26bd5c89d3672bec4fbd136b

SHA512
71d7751808a9037f277dd9c735976a804fea7cbdf8f6d6bb92a71007739629457b0c275b21ca273de75018aa43e117039cf73ba0bba63ab847cc5f4ee8a1674c

Download Submit
\Users\Admin\AppData\Local\Temp\68ac84e26e2ea808911df1afc44af49d.exe

Filesize
1.2MB

MD5
ded222be83b8fec39628a5c16c9f2ae2

SHA1
baa140600c94d47a13569bcf969283ef15cba01f

SHA256
e493fb9c5356aa64a798d55df85844bd4141f9b582dcbf32f482d49c3b538a96

SHA512
5c43c1c8fc3dd0f5e9307963315174d331471eaf30708be3666305a94219dfdaff2c57cfdfee2ccb24446774fbbe49c85dcb423745a925f248c9119d53d7a872

Download Submit
memory/1888-19-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/1888-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1888-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1888-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1888-25-0x00000000036D0000-0x00000000038FA000-memory.dmp

Filesize
2.2MB

Download
memory/1888-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2292-3-0x00000000002A0000-0x00000000003D3000-memory.dmp

Filesize
1.2MB

Download
memory/2292-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2292-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2292-15-0x0000000003910000-0x0000000003DFF000-memory.dmp

Filesize
4.9MB

Download
memory/2292-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download