b4349e961f697a679b8e0f5ea34ab1a3b641df41e23aeb348e8dd750223ae5c6

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 20:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02c16f69bd3b79d7ea90fb1f0ac43b79.exe
Size

1.3MB
MD5

02c16f69bd3b79d7ea90fb1f0ac43b79
SHA1

36d6b02bdaa2e8178778afc39f0635996ce28142
SHA256

b4349e961f697a679b8e0f5ea34ab1a3b641df41e23aeb348e8dd750223ae5c6
SHA512

26f755e438f8f436e410a5165130cbe42c7d7864765530c3362035b239632bd73857d39cc8b64bf8c71993a5978e6710bec059972af462aa8e9c119863d9774d
SSDEEP

24576:CJF+X6dsCvmcHYbGGyHd9lbMlwj63hDVYck4V/7/cA3HAidn6evG:GoX6B9Tp9JM7hpYcNV/rj3HAid6

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2828	02c16f69bd3b79d7ea90fb1f0ac43b79.exe

Executes dropped EXE 1 IoCs

pid	Process
2828	02c16f69bd3b79d7ea90fb1f0ac43b79.exe

Loads dropped DLL 1 IoCs

pid	Process
2124	02c16f69bd3b79d7ea90fb1f0ac43b79.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2124-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000a000000012243-11.dat	upx
behavioral1/files/0x000a000000012243-13.dat	upx
behavioral1/files/0x000a000000012243-16.dat	upx
behavioral1/memory/2828-18-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2124	02c16f69bd3b79d7ea90fb1f0ac43b79.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2124	02c16f69bd3b79d7ea90fb1f0ac43b79.exe
2828	02c16f69bd3b79d7ea90fb1f0ac43b79.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2828	2124	02c16f69bd3b79d7ea90fb1f0ac43b79.exe	28
PID 2124 wrote to memory of 2828	2124	02c16f69bd3b79d7ea90fb1f0ac43b79.exe	28
PID 2124 wrote to memory of 2828	2124	02c16f69bd3b79d7ea90fb1f0ac43b79.exe	28
PID 2124 wrote to memory of 2828	2124	02c16f69bd3b79d7ea90fb1f0ac43b79.exe	28

C:\Users\Admin\AppData\Local\Temp\02c16f69bd3b79d7ea90fb1f0ac43b79.exe
"C:\Users\Admin\AppData\Local\Temp\02c16f69bd3b79d7ea90fb1f0ac43b79.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Users\Admin\AppData\Local\Temp\02c16f69bd3b79d7ea90fb1f0ac43b79.exe
  C:\Users\Admin\AppData\Local\Temp\02c16f69bd3b79d7ea90fb1f0ac43b79.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\02c16f69bd3b79d7ea90fb1f0ac43b79.exe

Filesize
179KB

MD5
22c54ba673ed2f53a4a64d0d115ce533

SHA1
08f0d03f1e8948d9a7ffb2a3cd8f5126dd121086

SHA256
a708125b4a066a644a83f357f4e77e040f872f787e47718711bdd5a60385df2c

SHA512
f164f49760bc4e56c45521e72132ac21857f1dd6ece757344df9f8e82729f39236e910d27ac56f3e0167dc7176501a9278c1ca77cbbcdcab876122125d26861f

Download Submit
C:\Users\Admin\AppData\Local\Temp\02c16f69bd3b79d7ea90fb1f0ac43b79.exe

Filesize
175KB

MD5
96ff790152413674732ab1c9c0f180e8

SHA1
d68e0466670a1c89f8ce13bc2877df513347f4cf

SHA256
d98522821c6dd5bee53c48088a3947d83f9e7bbb44bf083b35d1e349e976f117

SHA512
37d5dc8aec0ce4a61c2ac4a5d0e3e648ebe77f53d5b4162f0994dcb8bd7631ff0ffb200ed9d542b10fccbe4cffb897cdea3b72db4572354415c5a35e59df38b6

Download Submit
\Users\Admin\AppData\Local\Temp\02c16f69bd3b79d7ea90fb1f0ac43b79.exe

Filesize
195KB

MD5
c1a1c6bc41a7cf76874a5fa48405b540

SHA1
01c630bd95643ff76cbbfeed19396c3f65a0ce76

SHA256
ea5b9dd75f397549d123b8981225a1f520d2510590b098d2d93c4107441debf6

SHA512
cc35f9e67ddc81a477006418b1fc5652f932de0ed2b6691880c383e5303b291b57362700e3ff3911f1881813635c4cfc783b4a6f7ab463106d1a804834aa4a0a

Download Submit
memory/2124-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2124-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2124-3-0x0000000000240000-0x0000000000352000-memory.dmp

Filesize
1.1MB

Download
memory/2124-15-0x00000000034D0000-0x000000000393A000-memory.dmp

Filesize
4.4MB

Download
memory/2124-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2828-20-0x0000000000280000-0x0000000000392000-memory.dmp

Filesize
1.1MB

Download
memory/2828-19-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2828-18-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2828-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download