461b1e60ba8c1ca5b4219124573dd46cd7096af54bb4eea3a54c0a5de3c181b2

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 20:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

031f5bab9d0527300cc9f32baa134d73.exe
Size

2.7MB
MD5

031f5bab9d0527300cc9f32baa134d73
SHA1

62b9406f70217c2cd295b841304f44e46e922107
SHA256

461b1e60ba8c1ca5b4219124573dd46cd7096af54bb4eea3a54c0a5de3c181b2
SHA512

cdcf200d9f40b5bd3986a97c62ce5d883200460abd1386702ec3a1eb3fd273c6ecc698bc1997aa941106fbbf266995457ac7074c3c8ce75b5a40e5b6e81f6196
SSDEEP

49152:q0t9mZmP9ou004CSjhkxLuXuO2t9rR9TJdlB4011X3rTEK4lhVMqJtKZJhJX9HRt:PvNX4CSjqxLCuOu9rHTJdzz1HrYK4nmh

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2936	031f5bab9d0527300cc9f32baa134d73.exe

Executes dropped EXE 1 IoCs

pid	Process
2936	031f5bab9d0527300cc9f32baa134d73.exe

Loads dropped DLL 1 IoCs

pid	Process
1872	031f5bab9d0527300cc9f32baa134d73.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2936-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000900000001447e-13.dat	upx
behavioral1/files/0x000900000001447e-10.dat	upx
behavioral1/memory/1872-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1872	031f5bab9d0527300cc9f32baa134d73.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1872	031f5bab9d0527300cc9f32baa134d73.exe
2936	031f5bab9d0527300cc9f32baa134d73.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 2936	1872	031f5bab9d0527300cc9f32baa134d73.exe	17
PID 1872 wrote to memory of 2936	1872	031f5bab9d0527300cc9f32baa134d73.exe	17
PID 1872 wrote to memory of 2936	1872	031f5bab9d0527300cc9f32baa134d73.exe	17
PID 1872 wrote to memory of 2936	1872	031f5bab9d0527300cc9f32baa134d73.exe	17

C:\Users\Admin\AppData\Local\Temp\031f5bab9d0527300cc9f32baa134d73.exe
"C:\Users\Admin\AppData\Local\Temp\031f5bab9d0527300cc9f32baa134d73.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Users\Admin\AppData\Local\Temp\031f5bab9d0527300cc9f32baa134d73.exe
  C:\Users\Admin\AppData\Local\Temp\031f5bab9d0527300cc9f32baa134d73.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\031f5bab9d0527300cc9f32baa134d73.exe

Filesize
363KB

MD5
8e464f890696178a05885d96b0a61565

SHA1
cf7628bc1076d4353feb305564f5e62fa7b5b837

SHA256
3c1688ff538a9215e0daaa35235afbdecb75094bf7fc991804a916f9ad7e64f8

SHA512
82690d39a125fecb00ec70f2675297a1b40892f6d635e6edc19b8cd1db030534b88536dd7c408cf47ec69a5f4e57d3510127b4556ea2964c237a420730fd7023

Download Submit
\Users\Admin\AppData\Local\Temp\031f5bab9d0527300cc9f32baa134d73.exe

Filesize
410KB

MD5
714c4413d41c98ac3a61f52011ef780c

SHA1
35b36b1ed066ef307b666b3a3f24b7f5168b3ded

SHA256
41babcec931ec9a943db282a7f8a70f3401840c89a4a2d60abb25a8b5d04f070

SHA512
a082b225080a33072c2043503cb341dddecb4b6867e711f8ab6e01050459e8e46a285a32b8e25971a2f5ce3c162447ff39f0e1274ae4e8c495e00c5860be9453

Download Submit
memory/1872-15-0x00000000038F0000-0x0000000003DD7000-memory.dmp

Filesize
4.9MB

Download
memory/1872-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1872-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1872-2-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/1872-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1872-30-0x00000000038F0000-0x0000000003DD7000-memory.dmp

Filesize
4.9MB

Download
memory/2936-18-0x0000000000230000-0x0000000000361000-memory.dmp

Filesize
1.2MB

Download
memory/2936-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2936-24-0x00000000034A0000-0x00000000036C2000-memory.dmp

Filesize
2.1MB

Download
memory/2936-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2936-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2936-31-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download