a312226482b7b8fa44e3827b2572b0ee58dbfe0d104f4b3a978f76ef36d6f357

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 20:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f605b47e868a089a99ef140274d4800e.exe
Size

353KB
MD5

f605b47e868a089a99ef140274d4800e
SHA1

80d0a05b9a7d9d36f4001c6bace2ee29aeebef0e
SHA256

a312226482b7b8fa44e3827b2572b0ee58dbfe0d104f4b3a978f76ef36d6f357
SHA512

68a9e63a51c605989f8da2b633d2a65c026bb6ad5d9fa5478a17e569523ea31ac13af42c897a2800a65e111e4fd39ea7f4f1aecac0d5c14c402cbb5dfba09fe8
SSDEEP

6144:r6ksFVXy/DORL7oU4V5Ab0hpCAOpCfKvTPhX/CKAPCDJgEjjYdxfsLPrPwo+:r6kUC/DOlcVKb0aQSvf28JhXYTfmE

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2544	f605b47e868a089a99ef140274d4800e.exe

Executes dropped EXE 1 IoCs

pid	Process
2544	f605b47e868a089a99ef140274d4800e.exe

Loads dropped DLL 1 IoCs

pid	Process
2176	f605b47e868a089a99ef140274d4800e.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2176-0-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral1/files/0x000a0000000133a9-10.dat	upx
behavioral1/files/0x000a0000000133a9-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2176	f605b47e868a089a99ef140274d4800e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2176	f605b47e868a089a99ef140274d4800e.exe
2544	f605b47e868a089a99ef140274d4800e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2544	2176	f605b47e868a089a99ef140274d4800e.exe	29
PID 2176 wrote to memory of 2544	2176	f605b47e868a089a99ef140274d4800e.exe	29
PID 2176 wrote to memory of 2544	2176	f605b47e868a089a99ef140274d4800e.exe	29
PID 2176 wrote to memory of 2544	2176	f605b47e868a089a99ef140274d4800e.exe	29

C:\Users\Admin\AppData\Local\Temp\f605b47e868a089a99ef140274d4800e.exe
"C:\Users\Admin\AppData\Local\Temp\f605b47e868a089a99ef140274d4800e.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Users\Admin\AppData\Local\Temp\f605b47e868a089a99ef140274d4800e.exe
  C:\Users\Admin\AppData\Local\Temp\f605b47e868a089a99ef140274d4800e.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\f605b47e868a089a99ef140274d4800e.exe

Filesize
353KB

MD5
a6aa291a944451a51e9e1be607833021

SHA1
68e0abf708552438bfeeb47d5113ec707c4d0670

SHA256
91f7cdb731aef46ceb19b2af43689c97711b4ff5116896fe094d6bb29dab55da

SHA512
d23c741abc85eb9b7e3601fc6bd156d1610ebeb1004a23ba21d61b11ba926610cb0f4cd83167594d3ec9835828575e09fbd66bc1506dde08ca49e07c34abc13c

Download Submit
\Users\Admin\AppData\Local\Temp\f605b47e868a089a99ef140274d4800e.exe

Filesize
64KB

MD5
c867166ccc1836fd1cce07fb16b8b5eb

SHA1
8dc86a816934cfa24be4009d778d00a042f8e4f5

SHA256
b768eb8bbd2311c784e2ee9259b06b099f18a8bb084b094716f9d98d347bf367

SHA512
4abf02713171826e812bb006d9ce4b97729a83d831d64957fb78dd13b7fb96e52576aece3a5f7d2cf406783d94a4a2523459f04e374dc9ec36d7f7ce7943e9e2

Download Submit
memory/2176-18-0x0000000002D30000-0x0000000002E21000-memory.dmp

Filesize
964KB

Download
memory/2176-1-0x0000000000190000-0x00000000001C3000-memory.dmp

Filesize
204KB

Download
memory/2176-0-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2176-15-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2176-2-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2176-31-0x0000000002D30000-0x0000000002E21000-memory.dmp

Filesize
964KB

Download
memory/2544-16-0x0000000000210000-0x0000000000243000-memory.dmp

Filesize
204KB

Download
memory/2544-17-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2544-30-0x0000000000290000-0x00000000002E0000-memory.dmp

Filesize
320KB

Download
memory/2544-24-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2544-21-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2544-32-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download