2d809cb4678744ada9e0284937f471019d4ff817c1184b9d485956266ab642b3

Analysis

max time kernel
122s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 21:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04d211625088ef6fd911ab9ab697c1f4.exe
Size

5.3MB
MD5

04d211625088ef6fd911ab9ab697c1f4
SHA1

a795b5932809d2493c616305d5c01699c0d73747
SHA256

2d809cb4678744ada9e0284937f471019d4ff817c1184b9d485956266ab642b3
SHA512

aa9be806efcffd268273ff5de710d52527acd42729f9042617f64f2f675eb34e7738fca4934fc0e147c6437e930f0a8c3d6d1c95226ce685b2a35288e5c26b10
SSDEEP

98304:0MUC2KFRfehHyehoFV39zJxxYc+Ug0HtTU6eHFr92S0RNHyehoFV39zJxxYc+Ugc:j2OmS139zJxxYcjnelrwS0RNS139zJxr

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2720	04d211625088ef6fd911ab9ab697c1f4.exe

Executes dropped EXE 1 IoCs

pid	Process
2720	04d211625088ef6fd911ab9ab697c1f4.exe

Loads dropped DLL 1 IoCs

pid	Process
2464	04d211625088ef6fd911ab9ab697c1f4.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2464-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000a000000012243-10.dat	upx
behavioral1/files/0x000a000000012243-13.dat	upx
behavioral1/memory/2464-15-0x0000000003E30000-0x0000000004317000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2464	04d211625088ef6fd911ab9ab697c1f4.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2464	04d211625088ef6fd911ab9ab697c1f4.exe
2720	04d211625088ef6fd911ab9ab697c1f4.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 2720	2464	04d211625088ef6fd911ab9ab697c1f4.exe	28
PID 2464 wrote to memory of 2720	2464	04d211625088ef6fd911ab9ab697c1f4.exe	28
PID 2464 wrote to memory of 2720	2464	04d211625088ef6fd911ab9ab697c1f4.exe	28
PID 2464 wrote to memory of 2720	2464	04d211625088ef6fd911ab9ab697c1f4.exe	28

C:\Users\Admin\AppData\Local\Temp\04d211625088ef6fd911ab9ab697c1f4.exe
"C:\Users\Admin\AppData\Local\Temp\04d211625088ef6fd911ab9ab697c1f4.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Users\Admin\AppData\Local\Temp\04d211625088ef6fd911ab9ab697c1f4.exe
  C:\Users\Admin\AppData\Local\Temp\04d211625088ef6fd911ab9ab697c1f4.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\04d211625088ef6fd911ab9ab697c1f4.exe

Filesize
75KB

MD5
f9a25a219c8126bb6621ae81e9496748

SHA1
a37d3b36bc595c584678d2ca5db6a3272c0bec94

SHA256
2b7cea88e43fa5db3df4eda40ac91394f8d3f2a4dfc8798e2ead080c8f28e6d0

SHA512
d40f72993cbd3821d662f1bb14b2d4f49bab6cbb9ebde718bfb8273645c6d93d316fe41323acc708c57f0365ded2a70424e74fa4a474cb218ba911c3b987f687

Download Submit
\Users\Admin\AppData\Local\Temp\04d211625088ef6fd911ab9ab697c1f4.exe

Filesize
41KB

MD5
57a6cb3f75a739e79a0cfb3b3496b9e7

SHA1
b2068527696575bb7c76ee9ae7541b8317d20ca3

SHA256
0fda074c00782d69fa7443570a29c6bd763598d73c3636592e34cbeedbc4693d

SHA512
effea8862ae10c226a602de67d7fa0b0a37f3fc7fe4fa05ff7bad3f19a8958fdd68614e22397c739894595e73444c384caf3c703c57d980ab1c3235cd1b4793f

Download Submit
memory/2464-15-0x0000000003E30000-0x0000000004317000-memory.dmp

Filesize
4.9MB

Download
memory/2464-2-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2464-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2464-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2464-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2464-31-0x0000000003E30000-0x0000000004317000-memory.dmp

Filesize
4.9MB

Download
memory/2720-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2720-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2720-19-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/2720-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2720-24-0x00000000033D0000-0x00000000035F2000-memory.dmp

Filesize
2.1MB

Download
memory/2720-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download