203837592d860ea0aeda7e8c48d6547fb74c2e640701a833df8a9c45cb017d9e

Analysis

max time kernel
118s
max time network
144s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 21:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

044ad2835878d1709f4ed332aaf804c1.exe
Size

2.9MB
MD5

044ad2835878d1709f4ed332aaf804c1
SHA1

aa169b0675579f12047874b6628a34d6212363a1
SHA256

203837592d860ea0aeda7e8c48d6547fb74c2e640701a833df8a9c45cb017d9e
SHA512

5c54d50f7492e42a93dabc8c84658a8ec6730b29fc0c2b3c2c3fbaa7d47527e19c3c9a3e8e3a732f693b8b1f20b17e49aec8ad4852a6d3e06d0d072c739e8d95
SSDEEP

49152:VE1TMY9oDdG70YPHd/aMgFpN74NH5HUyNRcUsCVOzetdZJ:q9f1JaZ4HBUCczzM3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1628	044ad2835878d1709f4ed332aaf804c1.exe

Executes dropped EXE 1 IoCs

pid	Process
1628	044ad2835878d1709f4ed332aaf804c1.exe

Loads dropped DLL 1 IoCs

pid	Process
2636	044ad2835878d1709f4ed332aaf804c1.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2636-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0007000000012281-10.dat	upx
behavioral1/files/0x0007000000012281-15.dat	upx
behavioral1/memory/2636-14-0x00000000037F0000-0x0000000003CDF000-memory.dmp	upx
behavioral1/memory/1628-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2636	044ad2835878d1709f4ed332aaf804c1.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2636	044ad2835878d1709f4ed332aaf804c1.exe
1628	044ad2835878d1709f4ed332aaf804c1.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2636 wrote to memory of 1628	2636	044ad2835878d1709f4ed332aaf804c1.exe	28
PID 2636 wrote to memory of 1628	2636	044ad2835878d1709f4ed332aaf804c1.exe	28
PID 2636 wrote to memory of 1628	2636	044ad2835878d1709f4ed332aaf804c1.exe	28
PID 2636 wrote to memory of 1628	2636	044ad2835878d1709f4ed332aaf804c1.exe	28

C:\Users\Admin\AppData\Local\Temp\044ad2835878d1709f4ed332aaf804c1.exe
"C:\Users\Admin\AppData\Local\Temp\044ad2835878d1709f4ed332aaf804c1.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2636
- C:\Users\Admin\AppData\Local\Temp\044ad2835878d1709f4ed332aaf804c1.exe
  C:\Users\Admin\AppData\Local\Temp\044ad2835878d1709f4ed332aaf804c1.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\044ad2835878d1709f4ed332aaf804c1.exe

Filesize
390KB

MD5
ea21825b58255371fd5e961e07a1740b

SHA1
472df3acf62606d8241da5708d2419970e948906

SHA256
eeef3b7d972b3a0167f511a3fdf5a1171f8858ba0505e5d3f4e455b50c730a42

SHA512
84c646bf68bc85ba81ebc6d0f9a05c2f56c5586a4b351d32ee6ef0083250b931bf969166b06baa50de1b065be5160f03ffc5f9664d43445658e2f478ae1353c4

Download Submit
\Users\Admin\AppData\Local\Temp\044ad2835878d1709f4ed332aaf804c1.exe

Filesize
345KB

MD5
a5149c97d977a3c2c689e3ead24cacb7

SHA1
7f110fb45f599dcc01355bbae40612234702078c

SHA256
a823a66515c5bf0775282092c80580d7b4bcbee9c592bf7a223cd3e7b08496bb

SHA512
00b0262a02a40200a7269f6e8c1f42d69df99d3befdb3b5fdbff5b169cf83f7e2ac3d8ec6e7e972097b688f45e14a49dac4bff765cf09d04c1d20f79d135bcfe

Download Submit
memory/1628-18-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/1628-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1628-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1628-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1628-24-0x00000000036D0000-0x00000000038FA000-memory.dmp

Filesize
2.2MB

Download
memory/1628-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2636-4-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2636-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2636-14-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2636-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2636-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download