caaa0c57f040273d482fc154b9a2a736a8f00300ed25471723fed6ecaf57d596

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 23:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

06c030e3ea328d855071fdafa5f2523a.exe
Size

2.4MB
MD5

06c030e3ea328d855071fdafa5f2523a
SHA1

a55df7a05b8ce3849cc0b9718e42aedd4e57ea86
SHA256

caaa0c57f040273d482fc154b9a2a736a8f00300ed25471723fed6ecaf57d596
SHA512

828242af4ebb278bfc969bc6f89e7d6ad47f4b8c990279cc2647bbfd5019900b7940dc8a6524f75dfac500cd4993bcbd08e6fc0054a6cd3562ebb238a809ea2e
SSDEEP

49152:XnGqmfm+4zAL4p0lfoDTsNNYhLP4M338dB2IBlGuuDVUsdxxjr:XnGczAL4p0qTaNSgg3gnl/IVUs1jr

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2408	06c030e3ea328d855071fdafa5f2523a.exe

Executes dropped EXE 1 IoCs

pid	Process
2408	06c030e3ea328d855071fdafa5f2523a.exe

Loads dropped DLL 1 IoCs

pid	Process
1972	06c030e3ea328d855071fdafa5f2523a.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1972-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012280-10.dat	upx
behavioral1/files/0x0009000000012280-14.dat	upx
behavioral1/memory/2408-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1972	06c030e3ea328d855071fdafa5f2523a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1972	06c030e3ea328d855071fdafa5f2523a.exe
2408	06c030e3ea328d855071fdafa5f2523a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 2408	1972	06c030e3ea328d855071fdafa5f2523a.exe	21
PID 1972 wrote to memory of 2408	1972	06c030e3ea328d855071fdafa5f2523a.exe	21
PID 1972 wrote to memory of 2408	1972	06c030e3ea328d855071fdafa5f2523a.exe	21
PID 1972 wrote to memory of 2408	1972	06c030e3ea328d855071fdafa5f2523a.exe	21

C:\Users\Admin\AppData\Local\Temp\06c030e3ea328d855071fdafa5f2523a.exe
"C:\Users\Admin\AppData\Local\Temp\06c030e3ea328d855071fdafa5f2523a.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Users\Admin\AppData\Local\Temp\06c030e3ea328d855071fdafa5f2523a.exe
  C:\Users\Admin\AppData\Local\Temp\06c030e3ea328d855071fdafa5f2523a.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\06c030e3ea328d855071fdafa5f2523a.exe

Filesize
1KB

MD5
626e3afb0eff0f37d3f975c151d22015

SHA1
fad22a7e572760dae41799a1e3a1ebbfd3189ec5

SHA256
a2121a65557716dd63fe9d5ce667ffeff4275241978edc1763fdc12f352d2b61

SHA512
2b44b70e503f577ce993092e0e1b244072667d9a96a9b4130b9047d8be362d5091ee3a7ae810ac453b5f2f4962def2b08b3988ba21460811e7ed85be0cc5a70a

Download Submit
\Users\Admin\AppData\Local\Temp\06c030e3ea328d855071fdafa5f2523a.exe

Filesize
22KB

MD5
08c154b651e2481cc0fe22b0bdef7326

SHA1
efe3d281915e04bd98fc5c67bb26bffe21e68749

SHA256
e1781bba57a76701705be1285acf5928944dc8f0b6f64878508732a8c7c710b6

SHA512
405de2f7fab2f22f972e32268e682e311e30fd3cee0a091920b288dbd511272fe75939caec2709d571230b7f1042c21a025c4b3889d71b21a3b2c2ab27580693

Download Submit
memory/1972-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1972-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1972-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1972-15-0x0000000003880000-0x0000000003D6F000-memory.dmp

Filesize
4.9MB

Download
memory/1972-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2408-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2408-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2408-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2408-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2408-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2408-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download