e68141124685d932e5b77bb3b0740ca414689243b533e5ffe8dae31165da4cde

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 20:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

027cc29a378169652257d69e7254c5f2.exe
Size

2.9MB
MD5

027cc29a378169652257d69e7254c5f2
SHA1

e9939e3b4462bef4a1a56b2d06dbedab80223ced
SHA256

e68141124685d932e5b77bb3b0740ca414689243b533e5ffe8dae31165da4cde
SHA512

bde92b09fba874548a33b97e660d6d862bd404b503965b74555bda886911d348f6b58952b76fc4711a69ca7780d8f43f0464d00472fd70ec4be6d2e7a1b7de30
SSDEEP

49152:dOFj3o9byZnteaU3GyNHZyJ8yct0QbN74NH5HUyNRcUsCVOzetdZJ:dG3o0tHUtN5y2tL4HBUCczzM3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2788	027cc29a378169652257d69e7254c5f2.exe

Executes dropped EXE 1 IoCs

pid	Process
2788	027cc29a378169652257d69e7254c5f2.exe

Loads dropped DLL 1 IoCs

pid	Process
2996	027cc29a378169652257d69e7254c5f2.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000d00000001225c-13.dat	upx
behavioral1/files/0x000d00000001225c-10.dat	upx
behavioral1/memory/2996-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2996	027cc29a378169652257d69e7254c5f2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2996	027cc29a378169652257d69e7254c5f2.exe
2788	027cc29a378169652257d69e7254c5f2.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 2788	2996	027cc29a378169652257d69e7254c5f2.exe	17
PID 2996 wrote to memory of 2788	2996	027cc29a378169652257d69e7254c5f2.exe	17
PID 2996 wrote to memory of 2788	2996	027cc29a378169652257d69e7254c5f2.exe	17
PID 2996 wrote to memory of 2788	2996	027cc29a378169652257d69e7254c5f2.exe	17

C:\Users\Admin\AppData\Local\Temp\027cc29a378169652257d69e7254c5f2.exe
"C:\Users\Admin\AppData\Local\Temp\027cc29a378169652257d69e7254c5f2.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Users\Admin\AppData\Local\Temp\027cc29a378169652257d69e7254c5f2.exe
  C:\Users\Admin\AppData\Local\Temp\027cc29a378169652257d69e7254c5f2.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\027cc29a378169652257d69e7254c5f2.exe

Filesize
39KB

MD5
2f166f385e04aa5235d5f5b2d0893682

SHA1
33ea98f63e95b4aa743df4eff9ad4fa5690baff7

SHA256
05c071970634e1a5997a1a4e0b4895ea4b1e2fa73face1911188e9d967dd3604

SHA512
9e3c492e9364654a2f6b50f31173e8eaf06695fe7a3e6b2d7c65810b0fbc1ee9265ee387ade9d57a4a211f5400df5afa23aadf89ef43dd61ab7fb01782cc4dfe

Download Submit
\Users\Admin\AppData\Local\Temp\027cc29a378169652257d69e7254c5f2.exe

Filesize
10KB

MD5
ef8cc79c0559750844b86b490de75334

SHA1
4188f15bbcfb161b6a5fbd55bd0c718fca6855ba

SHA256
3341a399855658224f69a415f93e58070cc76220e6e16974076a602788c4075c

SHA512
86f85c5472d2ced33e09bf46f84a368f0d13b8b184e543cc2a64d277f9a45bca9f957de465f444beae1fed0f399769e68a389418c65f315ea1764bede1ffc461

Download Submit
memory/2788-25-0x00000000033F0000-0x000000000361A000-memory.dmp

Filesize
2.2MB

Download
memory/2788-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2788-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2788-20-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2788-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2788-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2996-3-0x0000000000250000-0x0000000000383000-memory.dmp

Filesize
1.2MB

Download
memory/2996-15-0x00000000038C0000-0x0000000003DAF000-memory.dmp

Filesize
4.9MB

Download
memory/2996-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2996-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2996-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download