6e6609c62decdac7000df9eab51a1ee4324d0902f673d5c07ec0de4f41d1b955

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 23:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06b7951869b1bb5272af144179a2efe2.exe
Size

5.3MB
MD5

06b7951869b1bb5272af144179a2efe2
SHA1

bc8ffa78a5524686fd407401a32d1e052c49fada
SHA256

6e6609c62decdac7000df9eab51a1ee4324d0902f673d5c07ec0de4f41d1b955
SHA512

b3139de98b89ca09243d85bb5e1fa5d5f6f6f9e53a3d133ed104c94a080fe94cb845b5828a65f14d7a2481c7d7247a1c50402a590c95d49e0e8890c88fc59e07
SSDEEP

49152:7Y2CnUl6iWJ8d3bsOSdr6f3lszBAmtGV2wiqo21z0sjOvqT6StWS0OSdr6f3lszB:s22Ul6iW+sx6dlyG4wiQ0hv2ftWhx6d

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2692	06b7951869b1bb5272af144179a2efe2.exe

Executes dropped EXE 1 IoCs

pid	Process
2692	06b7951869b1bb5272af144179a2efe2.exe

Loads dropped DLL 1 IoCs

pid	Process
2568	06b7951869b1bb5272af144179a2efe2.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2568-1-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x0009000000012252-11.dat	upx
behavioral1/files/0x0009000000012252-13.dat	upx
behavioral1/memory/2692-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x0009000000012252-16.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2568	06b7951869b1bb5272af144179a2efe2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2568	06b7951869b1bb5272af144179a2efe2.exe
2692	06b7951869b1bb5272af144179a2efe2.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2568 wrote to memory of 2692	2568	06b7951869b1bb5272af144179a2efe2.exe	28
PID 2568 wrote to memory of 2692	2568	06b7951869b1bb5272af144179a2efe2.exe	28
PID 2568 wrote to memory of 2692	2568	06b7951869b1bb5272af144179a2efe2.exe	28
PID 2568 wrote to memory of 2692	2568	06b7951869b1bb5272af144179a2efe2.exe	28

C:\Users\Admin\AppData\Local\Temp\06b7951869b1bb5272af144179a2efe2.exe
"C:\Users\Admin\AppData\Local\Temp\06b7951869b1bb5272af144179a2efe2.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2568
- C:\Users\Admin\AppData\Local\Temp\06b7951869b1bb5272af144179a2efe2.exe
  C:\Users\Admin\AppData\Local\Temp\06b7951869b1bb5272af144179a2efe2.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\06b7951869b1bb5272af144179a2efe2.exe

Filesize
1.1MB

MD5
d26a8b93568ea167cdd83185ba0a2c8c

SHA1
52e7369223c0f9658f0949c5f2e99a375cb1769f

SHA256
89ec306688ba1cd87107fa899c5e4beecc0f64c8b7fece367b98d1fb14c91e20

SHA512
b737e8f2096424956d1dd11f8b7fec0dc92f9b462700e84e2d9cb27dfe2b46aeebc006eed76747c4ff2dab00c50cc8e95c8e6dd20c079ab9372fa2337ab40355

Download Submit
C:\Users\Admin\AppData\Local\Temp\06b7951869b1bb5272af144179a2efe2.exe

Filesize
684KB

MD5
b3b249ba56edd0ace40b2d4e049b94d4

SHA1
dca1950035bcaa18a7337147d8719be8fbf23e40

SHA256
f369e84b66f9163b23f85b6f33465c66aafa82eba3e0b68936d6dec7a91178bd

SHA512
32ba076fca5011b34e6b4dda898d871eae88b26818d5770451b9e1b01ac2c9237350697ed15d63b92d7026943dbeba8274928f84ec198e1ebd0f4afb92cee977

Download Submit
\Users\Admin\AppData\Local\Temp\06b7951869b1bb5272af144179a2efe2.exe

Filesize
1.1MB

MD5
e5ccdc05b6ef211e15436125df6ed2e4

SHA1
df16c7e238fb7fcb56a78c001a8437d0d741d6e6

SHA256
06b1b0a606c8f8f8b32ed5b010e0d835159aeb1df38330fa80a17f6f51f63689

SHA512
97aacdd99292301101d99fd37bb3e5820b54c93b36804889116f98406f643a0c7cffcd1eb75a8bc7a10724b0dbf31955319b2f0702a19f06bd4118a708a13f04

Download Submit
memory/2568-0-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2568-1-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2568-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2568-3-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2568-14-0x0000000003BF0000-0x000000000405A000-memory.dmp

Filesize
4.4MB

Download
memory/2568-26-0x0000000003BF0000-0x000000000405A000-memory.dmp

Filesize
4.4MB

Download
memory/2692-18-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2692-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2692-20-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2692-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download