d54a7650f83b4eed710c994dc0678a6d4adc47dda5a5856de0f0be53a65970b8

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 19:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

02694e15e04890445430bc1647f0e1f3.exe
Size

11.7MB
MD5

02694e15e04890445430bc1647f0e1f3
SHA1

998ea6f28ffd39c1b2b2cba346746be7c7a1a12e
SHA256

d54a7650f83b4eed710c994dc0678a6d4adc47dda5a5856de0f0be53a65970b8
SHA512

b3962c0c565ceba61e6ad79d2d1b54a875c0e6c47e2bb1ac71b7c8c0c345b3d5b1de0939f96b9833711a4edd6e4bd09f7c6ff3a9243569af59e4af398070341f
SSDEEP

196608:PZIMgl/iBiPy9Cuy5qgl/iBiP455Ggl/iBiPy9Cuy5qgl/iBiP:PZIM2il9Cu92iZ82il9Cu92i

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2196	02694e15e04890445430bc1647f0e1f3.exe

Executes dropped EXE 1 IoCs

pid	Process
2196	02694e15e04890445430bc1647f0e1f3.exe

Loads dropped DLL 1 IoCs

pid	Process
2240	02694e15e04890445430bc1647f0e1f3.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2240-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c00000001220d-13.dat	upx
behavioral1/files/0x000c00000001220d-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2240	02694e15e04890445430bc1647f0e1f3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2240	02694e15e04890445430bc1647f0e1f3.exe
2196	02694e15e04890445430bc1647f0e1f3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2196	2240	02694e15e04890445430bc1647f0e1f3.exe	22
PID 2240 wrote to memory of 2196	2240	02694e15e04890445430bc1647f0e1f3.exe	22
PID 2240 wrote to memory of 2196	2240	02694e15e04890445430bc1647f0e1f3.exe	22
PID 2240 wrote to memory of 2196	2240	02694e15e04890445430bc1647f0e1f3.exe	22

C:\Users\Admin\AppData\Local\Temp\02694e15e04890445430bc1647f0e1f3.exe
"C:\Users\Admin\AppData\Local\Temp\02694e15e04890445430bc1647f0e1f3.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Users\Admin\AppData\Local\Temp\02694e15e04890445430bc1647f0e1f3.exe
  C:\Users\Admin\AppData\Local\Temp\02694e15e04890445430bc1647f0e1f3.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\02694e15e04890445430bc1647f0e1f3.exe

Filesize
29KB

MD5
164b64bcc29a079d028fc095abdcd61d

SHA1
ecea82f3a3af70562c5eff46401a8fdf55860ad1

SHA256
69ac2362f8e4c10081d744e1dbb0a51a56b798936b3864909ecaaeab0a28e632

SHA512
c8ae767c57a88958ab74f778fb9a9e2b47aae45bfe0949aa0844f6ad61a80520f3fbb0691e234835dd1e465b964c2772a6c24126663c48d8a2d1ba75530e8f3c

Download Submit
memory/2196-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2196-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2196-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2196-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2196-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2196-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2240-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2240-15-0x00000000049A0000-0x0000000004E8F000-memory.dmp

Filesize
4.9MB

Download
memory/2240-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2240-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2240-31-0x00000000049A0000-0x0000000004E8F000-memory.dmp

Filesize
4.9MB

Download
memory/2240-2-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download