9e4771d0d44981e215f6f3b1542a4428af3197746f4cc957396e6893d6d81074

Analysis

max time kernel
126s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 22:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05e0c7e97e439b72855aef9fd954eec4.exe
Size

1.5MB
MD5

05e0c7e97e439b72855aef9fd954eec4
SHA1

3679948422607193333b8458a8b400f275d5398d
SHA256

9e4771d0d44981e215f6f3b1542a4428af3197746f4cc957396e6893d6d81074
SHA512

9aeb0cbbbd516d23c5e5a6d39b1b99ba0cf41d2922c6d0e868739d3524a9f5171835e7ea47a1cf14fc905d5270a688c2ec8ccd6c3c625c9d37acdb3e3bb730ff
SSDEEP

24576:xqE7n4qiqeFgenN71Oj9c4D5wifJ2vs7WZy4+X8QT2Tpslk4zCt+VW:gA4qinFge+pbx2UikX8QZh2tq

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1480	05e0c7e97e439b72855aef9fd954eec4.exe

Executes dropped EXE 1 IoCs

pid	Process
1480	05e0c7e97e439b72855aef9fd954eec4.exe

Loads dropped DLL 1 IoCs

pid	Process
1736	05e0c7e97e439b72855aef9fd954eec4.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1736-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000600000000f6f8-11.dat	upx
behavioral1/memory/1480-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1736	05e0c7e97e439b72855aef9fd954eec4.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1736	05e0c7e97e439b72855aef9fd954eec4.exe
1480	05e0c7e97e439b72855aef9fd954eec4.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 1480	1736	05e0c7e97e439b72855aef9fd954eec4.exe	30
PID 1736 wrote to memory of 1480	1736	05e0c7e97e439b72855aef9fd954eec4.exe	30
PID 1736 wrote to memory of 1480	1736	05e0c7e97e439b72855aef9fd954eec4.exe	30
PID 1736 wrote to memory of 1480	1736	05e0c7e97e439b72855aef9fd954eec4.exe	30

C:\Users\Admin\AppData\Local\Temp\05e0c7e97e439b72855aef9fd954eec4.exe
"C:\Users\Admin\AppData\Local\Temp\05e0c7e97e439b72855aef9fd954eec4.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Users\Admin\AppData\Local\Temp\05e0c7e97e439b72855aef9fd954eec4.exe
  C:\Users\Admin\AppData\Local\Temp\05e0c7e97e439b72855aef9fd954eec4.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\05e0c7e97e439b72855aef9fd954eec4.exe

Filesize
1.5MB

MD5
8a3c6a0ce8a198ebe926fc6a47d2c5f5

SHA1
403290dc24ae829efbb19cf54f4ccfd60bf521c3

SHA256
4efc6f32b286dd95d6a52f5ba95ce237839e1912e2e695dad95ba06442b28762

SHA512
e7a8072ffb25a023eff0fea59b6a3e9e289db294ceaa3e41c6c0a6e51716a34d41d026f11635b45fa4d3c7e2f608b5e99cd55f0eaf62f3252a10cd38d362ca0a

Download Submit
memory/1480-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1480-33-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1480-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1480-25-0x0000000003650000-0x000000000387A000-memory.dmp

Filesize
2.2MB

Download
memory/1480-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1480-19-0x0000000000230000-0x0000000000363000-memory.dmp

Filesize
1.2MB

Download
memory/1736-6-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1736-16-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/1736-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1736-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1736-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1736-32-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/1736-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download