5fcc3f7143e906f8c4ca5dd9535d1b3c67a9169f3a963c5c44d9fc3bde83d57f

Analysis

max time kernel
119s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 19:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01b210320422d9bf04f2bba90a1726d6.exe
Size

2.7MB
MD5

01b210320422d9bf04f2bba90a1726d6
SHA1

8eb031852fb1ae4928b68db0f579840533b3b219
SHA256

5fcc3f7143e906f8c4ca5dd9535d1b3c67a9169f3a963c5c44d9fc3bde83d57f
SHA512

289ad05ac133274adf2ec39ad1a26fee608ac8e19c0d70fb2939e36cc464ecdcee6582aba798535d1494787875dfea1752059267d46feb28f102392439a4ee67
SSDEEP

49152:iuyAVsuoIdZAkhP4LtUzyahjeR9gt0/p4dBRAzhRITJTNx26LGjR9j:NyAVmqZZStayahjeHg+/Gd0hQJTxLsHj

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2792	01b210320422d9bf04f2bba90a1726d6.exe

Executes dropped EXE 1 IoCs

pid	Process
2792	01b210320422d9bf04f2bba90a1726d6.exe

Loads dropped DLL 1 IoCs

pid	Process
2444	01b210320422d9bf04f2bba90a1726d6.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2444-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000b000000012238-10.dat	upx
behavioral1/files/0x000b000000012238-14.dat	upx
behavioral1/memory/2792-17-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2444	01b210320422d9bf04f2bba90a1726d6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2444	01b210320422d9bf04f2bba90a1726d6.exe
2792	01b210320422d9bf04f2bba90a1726d6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2792	2444	01b210320422d9bf04f2bba90a1726d6.exe	28
PID 2444 wrote to memory of 2792	2444	01b210320422d9bf04f2bba90a1726d6.exe	28
PID 2444 wrote to memory of 2792	2444	01b210320422d9bf04f2bba90a1726d6.exe	28
PID 2444 wrote to memory of 2792	2444	01b210320422d9bf04f2bba90a1726d6.exe	28

C:\Users\Admin\AppData\Local\Temp\01b210320422d9bf04f2bba90a1726d6.exe
"C:\Users\Admin\AppData\Local\Temp\01b210320422d9bf04f2bba90a1726d6.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Users\Admin\AppData\Local\Temp\01b210320422d9bf04f2bba90a1726d6.exe
  C:\Users\Admin\AppData\Local\Temp\01b210320422d9bf04f2bba90a1726d6.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\01b210320422d9bf04f2bba90a1726d6.exe

Filesize
2.7MB

MD5
a16dec959f99ed09da3cc8febff77418

SHA1
f6d9bebd49bf177f7e6efd50f8b41a6f45da2a39

SHA256
329a069ae889e8f8d196ae67331be28a40fc598bac2f9b2aa689f99fa87a0dbc

SHA512
3a6df4e257ecbbaabc4eb2d917b6c209272e5c04af2450357ba64a7c621b1da464f7770bca2da7c029bc98ff0ded57e946318684322cf68039af12d56611c703

Download Submit
\Users\Admin\AppData\Local\Temp\01b210320422d9bf04f2bba90a1726d6.exe

Filesize
64KB

MD5
9f8e1c0bc31e2957b2c9db760da44bbc

SHA1
82d65f81f400cea99d046264d2156d019e7ce4af

SHA256
ad2bbaae3296f0c7571cd25d00ac3c11aa0edb82b74eae31f5d6c3749e4b5501

SHA512
bef5b34272b29d2db1a151c9e79f1702e38f3b6b967922f2bb261d2d5580cd8056ddb92d48732406b5450464b53ad3a92b0d2d1dd6700106076d9d25ed073fbe

Download Submit
memory/2444-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2444-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2444-1-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/2444-15-0x00000000038C0000-0x0000000003DA7000-memory.dmp

Filesize
4.9MB

Download
memory/2444-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2444-31-0x00000000038C0000-0x0000000003DA7000-memory.dmp

Filesize
4.9MB

Download
memory/2792-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2792-18-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2792-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2792-24-0x0000000003580000-0x00000000037A2000-memory.dmp

Filesize
2.1MB

Download
memory/2792-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2792-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download