c36f7c9141180d7ebb7706d53d62ca410690948e4063ff2287bb77f034919fc5

Analysis

max time kernel
118s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 20:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0316eb365f08f3edb422d536dc3c150d.exe
Size

1.3MB
MD5

0316eb365f08f3edb422d536dc3c150d
SHA1

c94d1cbc13f7a8310c5b1dc7728a601d1daa13ea
SHA256

c36f7c9141180d7ebb7706d53d62ca410690948e4063ff2287bb77f034919fc5
SHA512

7a5580fab058e79329931fafd6d302990e34a836dd01b6d28baf2ecce78ecf82792454f1732a6a8f7446c02f220bc7acc336f37f0a7d8aee2dbc09266106e8d4
SSDEEP

24576:DT7gOztknm/1oe4QyYOZDfqDuFR/bMUDqiNaVaPgwxaLS4S+uPJwsM6WO:DTUOZLa6OsoRDMPikAjx+S4SZhhM6f

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2340	0316eb365f08f3edb422d536dc3c150d.exe

Executes dropped EXE 1 IoCs

pid	Process
2340	0316eb365f08f3edb422d536dc3c150d.exe

Loads dropped DLL 1 IoCs

pid	Process
2516	0316eb365f08f3edb422d536dc3c150d.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2516-2-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0008000000012267-10.dat	upx
behavioral1/files/0x0008000000012267-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2516	0316eb365f08f3edb422d536dc3c150d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2516	0316eb365f08f3edb422d536dc3c150d.exe
2340	0316eb365f08f3edb422d536dc3c150d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 2340	2516	0316eb365f08f3edb422d536dc3c150d.exe	28
PID 2516 wrote to memory of 2340	2516	0316eb365f08f3edb422d536dc3c150d.exe	28
PID 2516 wrote to memory of 2340	2516	0316eb365f08f3edb422d536dc3c150d.exe	28
PID 2516 wrote to memory of 2340	2516	0316eb365f08f3edb422d536dc3c150d.exe	28

C:\Users\Admin\AppData\Local\Temp\0316eb365f08f3edb422d536dc3c150d.exe
"C:\Users\Admin\AppData\Local\Temp\0316eb365f08f3edb422d536dc3c150d.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Users\Admin\AppData\Local\Temp\0316eb365f08f3edb422d536dc3c150d.exe
  C:\Users\Admin\AppData\Local\Temp\0316eb365f08f3edb422d536dc3c150d.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0316eb365f08f3edb422d536dc3c150d.exe

Filesize
1004KB

MD5
351b91f9b863c5ad2baea19e950e7742

SHA1
22a9a3ab01362f8b8a54223535dddc580e578238

SHA256
3cbceea89ddebe0cd14e1b74ef698026459ed2e9baa566651458994ebe3cc87b

SHA512
954beb1b195ac20753b6a5a2c224324d35e77bee0cc418057cccbb10e6cacaaaa6760517bc32b0f6fcf6922088fa20d5cdb9f2988b33cf749fa06f8c48798df1

Download Submit
\Users\Admin\AppData\Local\Temp\0316eb365f08f3edb422d536dc3c150d.exe

Filesize
1.3MB

MD5
c3e1f8afb5e24d6f84ae87b230b6ceee

SHA1
a32692df27f7feb4c7241dea31dc2089c24135ef

SHA256
14679d9f82d1f28c7333fea24291348a8627472ba8681dda1cdfdf8b0dc7d893

SHA512
9acdcb7ad399b62cc97e53c9b2dfc4c41c5666f83b37db6c329adc1e65831c7a5e2a68c1c6c4579c3c58df5c7336e251b9559d2725e0eb9280b5685db1db840f

Download Submit
memory/2340-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2340-16-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2340-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2340-23-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2340-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2516-4-0x0000000000250000-0x0000000000383000-memory.dmp

Filesize
1.2MB

Download
memory/2516-2-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2516-15-0x00000000035A0000-0x0000000003A8F000-memory.dmp

Filesize
4.9MB

Download
memory/2516-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2516-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2516-29-0x00000000035A0000-0x0000000003A8F000-memory.dmp

Filesize
4.9MB

Download