707c81bd5581efb6952fd2bc1a030f6dd68d2b5b2515ceff1f2e75bbdef1a3a6

Analysis

max time kernel
121s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 22:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0532fa47d470b34c2e0f4207c42bcf85.exe
Size

2.9MB
MD5

0532fa47d470b34c2e0f4207c42bcf85
SHA1

7dba0f0ee59f9c3996085ed900a2738f08225331
SHA256

707c81bd5581efb6952fd2bc1a030f6dd68d2b5b2515ceff1f2e75bbdef1a3a6
SHA512

b5d7bd01677761ccfdec14a00e7a62463e02d7408abe32aa3b520ab581dd3fd2fc9d13526a15ad7a244f41edf17243ad48642a6012a5835e0b207822c5970da5
SSDEEP

49152:vHxWsliSYwkEa6Sa2KP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:5niQkva2Kgg3gnl/IVUs1jePs

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2652	0532fa47d470b34c2e0f4207c42bcf85.exe

Executes dropped EXE 1 IoCs

pid	Process
2652	0532fa47d470b34c2e0f4207c42bcf85.exe

Loads dropped DLL 1 IoCs

pid	Process
2044	0532fa47d470b34c2e0f4207c42bcf85.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2044-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0008000000012284-10.dat	upx
behavioral1/files/0x0008000000012284-15.dat	upx
behavioral1/memory/2044-14-0x00000000037F0000-0x0000000003CDF000-memory.dmp	upx
behavioral1/memory/2652-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0008000000012284-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2044	0532fa47d470b34c2e0f4207c42bcf85.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2044	0532fa47d470b34c2e0f4207c42bcf85.exe
2652	0532fa47d470b34c2e0f4207c42bcf85.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 2652	2044	0532fa47d470b34c2e0f4207c42bcf85.exe	28
PID 2044 wrote to memory of 2652	2044	0532fa47d470b34c2e0f4207c42bcf85.exe	28
PID 2044 wrote to memory of 2652	2044	0532fa47d470b34c2e0f4207c42bcf85.exe	28
PID 2044 wrote to memory of 2652	2044	0532fa47d470b34c2e0f4207c42bcf85.exe	28

C:\Users\Admin\AppData\Local\Temp\0532fa47d470b34c2e0f4207c42bcf85.exe
"C:\Users\Admin\AppData\Local\Temp\0532fa47d470b34c2e0f4207c42bcf85.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Users\Admin\AppData\Local\Temp\0532fa47d470b34c2e0f4207c42bcf85.exe
  C:\Users\Admin\AppData\Local\Temp\0532fa47d470b34c2e0f4207c42bcf85.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0532fa47d470b34c2e0f4207c42bcf85.exe

Filesize
139KB

MD5
88962fa2e0de15114d82ce587b0a0062

SHA1
5ef5b5022ae8f2f8e039ee93c7c0e97ff19654cf

SHA256
1163ac9f17790b8c33e737e6a120c655ac973cd56f154ddb0fba31e81a886bd2

SHA512
ec99251a3ed4a34e52958f9a2efcc2f411b99687885a7cfd3cdbfe9d1da67a27965718863d870d6342bb3bb4b4502bc4a546ab9a4a0c9f6561f8efda66875a6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\0532fa47d470b34c2e0f4207c42bcf85.exe

Filesize
139KB

MD5
b5c69f1774f615357bc4977d480cfed9

SHA1
3eae33314ec995de01ace4ef32db8172eb9ce256

SHA256
24b2d48f715cd377d63bc9a606a8358e26d5e4801663e43a8362c979db2615cf

SHA512
e1de7170ac401d975b2220e63267ace60a5cffee2fb03bc1cfdf9729151b74244f9202919d7a95317d56ec013ae476196fcb7bfb3803b6c530e83f84a592bbda

Download Submit
\Users\Admin\AppData\Local\Temp\0532fa47d470b34c2e0f4207c42bcf85.exe

Filesize
173KB

MD5
eba60c44ac3d4ad70dad953fb5c32085

SHA1
68958d46b72a33d4616e41c4b7e5886b035b398e

SHA256
c6fbf699c0c9d6e1262255954430fee64ec2ce67f5bbed20c4fa8b397554ca52

SHA512
d961dca44f9a0a03822989ee0366df7bc3e70320266bdaaf1e0c6df37c3b8a5e7110e8d51744b3e11b512ae964b999e44365def55252dd6fec5f5a3c6114c6c6

Download Submit
memory/2044-14-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2044-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2044-3-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2044-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2044-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2044-31-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2652-17-0x0000000000270000-0x00000000003A3000-memory.dmp

Filesize
1.2MB

Download
memory/2652-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2652-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2652-24-0x0000000003500000-0x000000000372A000-memory.dmp

Filesize
2.2MB

Download
memory/2652-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2652-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download