50385d9912fca398c568147f5103b1436f433216f6f896395bbd664e1fc293e6

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04ecfc627270e30979bbda808252cbe6.exe
Size

2.9MB
MD5

04ecfc627270e30979bbda808252cbe6
SHA1

d27fe3576cdb9766773039d5fadb3b8a2e8d402c
SHA256

50385d9912fca398c568147f5103b1436f433216f6f896395bbd664e1fc293e6
SHA512

d64127cffe41c251c8a6c7456d0abd4c4986175566f54f3f3ed9498df69e6f3aa7c6842ea02543305edd96f5281920af83175d26dc602ecdf5318dcbb9facd9b
SSDEEP

49152:Ivb3VJZZgvs5dBvs0mgP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:Ivb3VJUs5dBTmggg3gnl/IVUs1jePs

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2728	04ecfc627270e30979bbda808252cbe6.exe

Executes dropped EXE 1 IoCs

pid	Process
2728	04ecfc627270e30979bbda808252cbe6.exe

Loads dropped DLL 1 IoCs

pid	Process
1740	04ecfc627270e30979bbda808252cbe6.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1740-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000d0000000122d2-14.dat	upx
behavioral1/memory/2728-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000d0000000122d2-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1740	04ecfc627270e30979bbda808252cbe6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1740	04ecfc627270e30979bbda808252cbe6.exe
2728	04ecfc627270e30979bbda808252cbe6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2728	1740	04ecfc627270e30979bbda808252cbe6.exe	28
PID 1740 wrote to memory of 2728	1740	04ecfc627270e30979bbda808252cbe6.exe	28
PID 1740 wrote to memory of 2728	1740	04ecfc627270e30979bbda808252cbe6.exe	28
PID 1740 wrote to memory of 2728	1740	04ecfc627270e30979bbda808252cbe6.exe	28

C:\Users\Admin\AppData\Local\Temp\04ecfc627270e30979bbda808252cbe6.exe
"C:\Users\Admin\AppData\Local\Temp\04ecfc627270e30979bbda808252cbe6.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Users\Admin\AppData\Local\Temp\04ecfc627270e30979bbda808252cbe6.exe
  C:\Users\Admin\AppData\Local\Temp\04ecfc627270e30979bbda808252cbe6.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\04ecfc627270e30979bbda808252cbe6.exe

Filesize
61KB

MD5
05f77d302394b54e3d4bd4dd0c0faefd

SHA1
51632e054173d1b101525e8205b40f5f2921b240

SHA256
5b2b33596a334390af90be6a128efe1d694f5af419a776fbf74f0f512fc2c3b6

SHA512
633575688a4b3080175b9b835c206c17afa165a2126172a95db476a0867fe53f5352ca8a895bf36e36161967ce42ad0f5b32df58e43065d0c2e72fb2d788f54c

Download Submit
\Users\Admin\AppData\Local\Temp\04ecfc627270e30979bbda808252cbe6.exe

Filesize
87KB

MD5
b3be376c5eca8763ccce9ac02660f3de

SHA1
b35573dc3d1d1e46e3cd1a527bd1f5a74f617a6c

SHA256
7ef690e4950808806625275a11065903f76ae8f0a1d8163313fe40d40cf698e2

SHA512
6d1992a557fe8a6199287880d8db74a52a0ec1dd8cb8f72b19bd3a84ce9117a1107ef27e9200a1364c46267425b656a736f8627a9648710aa60db626984dd48c

Download Submit
memory/1740-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1740-2-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1740-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1740-15-0x0000000003940000-0x0000000003E2F000-memory.dmp

Filesize
4.9MB

Download
memory/1740-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2728-19-0x0000000000270000-0x00000000003A3000-memory.dmp

Filesize
1.2MB

Download
memory/2728-24-0x0000000003500000-0x000000000372A000-memory.dmp

Filesize
2.2MB

Download
memory/2728-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2728-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2728-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2728-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download