53d7348ec63c986a243e8d518ee4c5568450448ebc6bfd4b30dc67110388f04f

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 23:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06a0c1588216dad4af9029b248bfdfdd.exe
Size

5.8MB
MD5

06a0c1588216dad4af9029b248bfdfdd
SHA1

4fde696086552d58678aa9a3d1a13aed6ccb2883
SHA256

53d7348ec63c986a243e8d518ee4c5568450448ebc6bfd4b30dc67110388f04f
SHA512

6403eafa12e1e7f74588de80bfb46bb59618a7dd8bc4b27d6a2aa619035aaa5dd250b0676581d75132ec5a32aec1b49bf6ae626783bd7a4ec1b4952541be4831
SSDEEP

98304:IMcB1Ryg//FKLnDD32Lw3u4rkP5QfAKUJRIgtlSDD32Lw3u4rk:IMcBfyc6Cw3nCWAKKmCw3n

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2116	06a0c1588216dad4af9029b248bfdfdd.exe

Executes dropped EXE 1 IoCs

pid	Process
2116	06a0c1588216dad4af9029b248bfdfdd.exe

Loads dropped DLL 1 IoCs

pid	Process
2104	06a0c1588216dad4af9029b248bfdfdd.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2104-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000e0000000126a2-10.dat	upx
behavioral1/memory/2104-15-0x0000000003DD0000-0x00000000042BF000-memory.dmp	upx
behavioral1/memory/2116-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000e0000000126a2-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2104	06a0c1588216dad4af9029b248bfdfdd.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2104	06a0c1588216dad4af9029b248bfdfdd.exe
2116	06a0c1588216dad4af9029b248bfdfdd.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2116	2104	06a0c1588216dad4af9029b248bfdfdd.exe	28
PID 2104 wrote to memory of 2116	2104	06a0c1588216dad4af9029b248bfdfdd.exe	28
PID 2104 wrote to memory of 2116	2104	06a0c1588216dad4af9029b248bfdfdd.exe	28
PID 2104 wrote to memory of 2116	2104	06a0c1588216dad4af9029b248bfdfdd.exe	28

C:\Users\Admin\AppData\Local\Temp\06a0c1588216dad4af9029b248bfdfdd.exe
"C:\Users\Admin\AppData\Local\Temp\06a0c1588216dad4af9029b248bfdfdd.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Users\Admin\AppData\Local\Temp\06a0c1588216dad4af9029b248bfdfdd.exe
  C:\Users\Admin\AppData\Local\Temp\06a0c1588216dad4af9029b248bfdfdd.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\06a0c1588216dad4af9029b248bfdfdd.exe

Filesize
319KB

MD5
ead0168364c277d1a4736493285152a5

SHA1
6d051e9504f17bafda13a4f72508f76a7b008844

SHA256
ac8489e20e0b2d73cb10f361057d361b3844f5ca35edc4e40fdc8f4494557ed5

SHA512
11c2454881b889d8f9659ae796bc9d0ff3c67d73b636bd3102cc0c414cd0d5d80013006bd38424ad40d5891667fe697dd1d9febe363d9df2d7c0a0a7034fdac5

Download Submit
\Users\Admin\AppData\Local\Temp\06a0c1588216dad4af9029b248bfdfdd.exe

Filesize
180KB

MD5
57ee13b22467098146ca7ae51aa3d549

SHA1
46ef4bb57cc0ffee81cc021d4e959a525ebed7f2

SHA256
1539409dd812bdf15e5cf2a6bfba35a1ae39727218eb44448338f98a81d8c3bb

SHA512
f28b2e6b2edb2a1024fa1922afc4a9bdc16e8378ab0ee24d2aa97d011f4e223ca462f864da868d6f54a9125d742e0639f88d5f009c9e96820b0654d86bd3719c

Download Submit
memory/2104-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2104-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2104-15-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/2104-31-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/2104-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2104-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2116-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2116-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2116-17-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2116-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2116-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2116-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download