69994a9da037da4248ba1a3be10d40f95671a7d6499b4cbee2f8343ffa2f4142

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 18:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0055e30c0adbcca8bccb6a9f679b4d66.exe
Size

1.3MB
MD5

0055e30c0adbcca8bccb6a9f679b4d66
SHA1

681c4b5059414c67dc259439bfe990b8eb90e4ce
SHA256

69994a9da037da4248ba1a3be10d40f95671a7d6499b4cbee2f8343ffa2f4142
SHA512

b281449b7822c48e9b4db64792167ae787b2ec60104804656770f967cf2bf67665e552f4db7149cc0efef633ba362e8835a877c1ed96e2b2f6771831de546ab0
SSDEEP

24576:N9X5efJmYo9NzwNiEJjyBIgBOUK4uUY38Uq8/FlRg25BLvG:NV3PiiNIgBNK4HY38olRg2z

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2844	0055e30c0adbcca8bccb6a9f679b4d66.exe

Executes dropped EXE 1 IoCs

pid	Process
2844	0055e30c0adbcca8bccb6a9f679b4d66.exe

Loads dropped DLL 1 IoCs

pid	Process
2936	0055e30c0adbcca8bccb6a9f679b4d66.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2936-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x0009000000015b6f-16.dat	upx
behavioral1/files/0x0009000000015b6f-13.dat	upx
behavioral1/files/0x0009000000015b6f-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2936	0055e30c0adbcca8bccb6a9f679b4d66.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2936	0055e30c0adbcca8bccb6a9f679b4d66.exe
2844	0055e30c0adbcca8bccb6a9f679b4d66.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 2844	2936	0055e30c0adbcca8bccb6a9f679b4d66.exe	28
PID 2936 wrote to memory of 2844	2936	0055e30c0adbcca8bccb6a9f679b4d66.exe	28
PID 2936 wrote to memory of 2844	2936	0055e30c0adbcca8bccb6a9f679b4d66.exe	28
PID 2936 wrote to memory of 2844	2936	0055e30c0adbcca8bccb6a9f679b4d66.exe	28

C:\Users\Admin\AppData\Local\Temp\0055e30c0adbcca8bccb6a9f679b4d66.exe
"C:\Users\Admin\AppData\Local\Temp\0055e30c0adbcca8bccb6a9f679b4d66.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Users\Admin\AppData\Local\Temp\0055e30c0adbcca8bccb6a9f679b4d66.exe
  C:\Users\Admin\AppData\Local\Temp\0055e30c0adbcca8bccb6a9f679b4d66.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0055e30c0adbcca8bccb6a9f679b4d66.exe

Filesize
1.1MB

MD5
d272ce15475b6bcdd5f21e7e104779ad

SHA1
595a4b8e5d47a423c0e0dc4c1c9fb9836fffabbd

SHA256
9001e0bb973050423302cfbccb782eadb775c4f572c623e7df6a67734aecec58

SHA512
aeca6876ee4e249a9110268c71b3687dd97f614d0b37793e04b0d701d56274184a72b989d8f4d4508f24a48198457fb2a0c5d9dfed97f746ccc0f4f18ec5849e

Download Submit
C:\Users\Admin\AppData\Local\Temp\0055e30c0adbcca8bccb6a9f679b4d66.exe

Filesize
894KB

MD5
07de916ad3faa804291259ace4ad7069

SHA1
85ad8ddd0c17713a9b7ef384e8a888b403f9b5a5

SHA256
047601e4c0f3d5a51e2b727bcb5830db1ca7363640102266afb5899604d4e9ef

SHA512
cdc90b18bbd09db01f777664b859db2e8cc17ac2ef64d827080cdd8047b7e6bba18013d79e76874e1ebda9ce425d386227e1ec0f4fb08bab0f2e762abc6ad439

Download Submit
\Users\Admin\AppData\Local\Temp\0055e30c0adbcca8bccb6a9f679b4d66.exe

Filesize
1.3MB

MD5
9e609c156c27461f797974a5238ef039

SHA1
b9f3d5311edf6ea5d9fea5ae636b1f0fe4976da3

SHA256
0dd344009b9d5d28f8b58f70470c6b9fe34bdabdb4c230fb2fb750a27acf4d03

SHA512
6aabc619d8ccde804ccf4cba1d01cc0d9a33925eb0cd3269fc03e08a0cdd31ff9dc054391812ae4fb9260fa7aa6dee051d0697bc061e0b8e1381b1adcaca8de1

Download Submit
memory/2844-19-0x0000000000130000-0x0000000000242000-memory.dmp

Filesize
1.1MB

Download
memory/2844-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2844-26-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2936-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2936-2-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2936-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2936-15-0x00000000033F0000-0x000000000385A000-memory.dmp

Filesize
4.4MB

Download
memory/2936-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2936-25-0x00000000033F0000-0x000000000385A000-memory.dmp

Filesize
4.4MB

Download