38f71cab947013419ee723f5e591f6340b9ae3b0cc99d271089189b488c61530

Analysis

max time kernel
121s
max time network
133s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 19:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

025bcf402ed76fbaada5316f4a0e0085.exe
Size

2.9MB
MD5

025bcf402ed76fbaada5316f4a0e0085
SHA1

675d5f3ea172c796fc160cfdfd6af300af23cf91
SHA256

38f71cab947013419ee723f5e591f6340b9ae3b0cc99d271089189b488c61530
SHA512

589ed4336987e0286d2da680ded918b62e9047aa3a090be5f4a0ec17fca195f0848889ce4779a5a61168eb3f9300d1e714c178eccf52b7737a3417a4df293323
SSDEEP

49152:md5S0Pf71MF+CZzmgRsE0Mv8t/+NmP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:mDTz1MF+CZ5RsE0Mv4Qmgg3gnl/IVUsn

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2384	025bcf402ed76fbaada5316f4a0e0085.exe

Executes dropped EXE 1 IoCs

pid	Process
2384	025bcf402ed76fbaada5316f4a0e0085.exe

Loads dropped DLL 1 IoCs

pid	Process
2280	025bcf402ed76fbaada5316f4a0e0085.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2280-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x00080000000120dc-10.dat	upx
behavioral1/files/0x00080000000120dc-15.dat	upx
behavioral1/memory/2384-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/2280-13-0x0000000003980000-0x0000000003E6F000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2280	025bcf402ed76fbaada5316f4a0e0085.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2280	025bcf402ed76fbaada5316f4a0e0085.exe
2384	025bcf402ed76fbaada5316f4a0e0085.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 2384	2280	025bcf402ed76fbaada5316f4a0e0085.exe	28
PID 2280 wrote to memory of 2384	2280	025bcf402ed76fbaada5316f4a0e0085.exe	28
PID 2280 wrote to memory of 2384	2280	025bcf402ed76fbaada5316f4a0e0085.exe	28
PID 2280 wrote to memory of 2384	2280	025bcf402ed76fbaada5316f4a0e0085.exe	28

C:\Users\Admin\AppData\Local\Temp\025bcf402ed76fbaada5316f4a0e0085.exe
"C:\Users\Admin\AppData\Local\Temp\025bcf402ed76fbaada5316f4a0e0085.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Users\Admin\AppData\Local\Temp\025bcf402ed76fbaada5316f4a0e0085.exe
  C:\Users\Admin\AppData\Local\Temp\025bcf402ed76fbaada5316f4a0e0085.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\025bcf402ed76fbaada5316f4a0e0085.exe

Filesize
130KB

MD5
9b446cbe1c889e3feff17cca761b3744

SHA1
78c96e06aa75b6d0ce6809f8fb298c69b1a65fae

SHA256
23e7c0ed28a808cbcbabe1175b4d0780264e58e8dd1fec09f21f807630d350f7

SHA512
29aa74748aeda9fd2b58ad5d92f4acf094b2dae029722a428ea1f89f260e91fc9cc2dcb97af21b2b9f1c2600db2c25341300577652b3c44855c64d67be5614e8

Download Submit
\Users\Admin\AppData\Local\Temp\025bcf402ed76fbaada5316f4a0e0085.exe

Filesize
184KB

MD5
580ae254dae7ac315738c7240fc402fc

SHA1
08f6379eaa4228dc0a2fcf31efe1d232a20f5a8b

SHA256
fed78b32b1d194b1ea8d4cd666a5d3dee8dd9ae938ff6404d5d19b03a5aaffa3

SHA512
0995cac84d95acf5873626df0d4880448de06c5632c1525be6f6670c67fe781dd1954980c5a4af1bb9a758a7a719168211943493e34a0904be90c5a359cc77fd

Download Submit
memory/2280-13-0x0000000003980000-0x0000000003E6F000-memory.dmp

Filesize
4.9MB

Download
memory/2280-1-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2280-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2280-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2280-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2384-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2384-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2384-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2384-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2384-26-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2384-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download