9f2b5f6aa7cbe150ea437dcb7321d2d59fa809fa13c7efb282b2c30368e8e7f1

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 20:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

034ea8bf8f972a09545bf4ed6e9ad2c6.exe
Size

1.5MB
MD5

034ea8bf8f972a09545bf4ed6e9ad2c6
SHA1

1a9e83c12628d1090486824682ff6ad0c51f18ea
SHA256

9f2b5f6aa7cbe150ea437dcb7321d2d59fa809fa13c7efb282b2c30368e8e7f1
SHA512

e89d6670910cae6e6caaab52f202008fc0607630c27a0b4c686a2841b00111824893a566dcf575ec4b850eb1a7dc8781d48bb865ecb7104b6c5ae782f42503c6
SSDEEP

24576:g2WhZEQpodv4Sfk+TKMv3iVieQyqUaONzsKfypPyxdz8WXvO82+adPW:dMZhp+vTMmmVieQj+zsKfW0CWXh2+4P

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2680	034ea8bf8f972a09545bf4ed6e9ad2c6.exe

Executes dropped EXE 1 IoCs

pid	Process
2680	034ea8bf8f972a09545bf4ed6e9ad2c6.exe

Loads dropped DLL 1 IoCs

pid	Process
2956	034ea8bf8f972a09545bf4ed6e9ad2c6.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2956-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x00090000000120e1-10.dat	upx
behavioral1/memory/2680-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2956	034ea8bf8f972a09545bf4ed6e9ad2c6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2956	034ea8bf8f972a09545bf4ed6e9ad2c6.exe
2680	034ea8bf8f972a09545bf4ed6e9ad2c6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 2680	2956	034ea8bf8f972a09545bf4ed6e9ad2c6.exe	28
PID 2956 wrote to memory of 2680	2956	034ea8bf8f972a09545bf4ed6e9ad2c6.exe	28
PID 2956 wrote to memory of 2680	2956	034ea8bf8f972a09545bf4ed6e9ad2c6.exe	28
PID 2956 wrote to memory of 2680	2956	034ea8bf8f972a09545bf4ed6e9ad2c6.exe	28

C:\Users\Admin\AppData\Local\Temp\034ea8bf8f972a09545bf4ed6e9ad2c6.exe
"C:\Users\Admin\AppData\Local\Temp\034ea8bf8f972a09545bf4ed6e9ad2c6.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Users\Admin\AppData\Local\Temp\034ea8bf8f972a09545bf4ed6e9ad2c6.exe
  C:\Users\Admin\AppData\Local\Temp\034ea8bf8f972a09545bf4ed6e9ad2c6.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\034ea8bf8f972a09545bf4ed6e9ad2c6.exe

Filesize
1.5MB

MD5
8d751eba9e6027ecc5c9889d71a59a0e

SHA1
daea0eda2d1788fcd5e81c6e9ed481cb20db66c1

SHA256
5fd5b3d1498769ca2c548b4d79186573af4723bdc352fb9ce5383d0dcc178870

SHA512
abf41b8d6a8436fc44d9e5f36dadf7993d973a0c3e1b52e0bb2f1b50762ba73e3860cd0ce11e0fec04717f27ef7c3dae4869e48ded9e1777c756e654c9531961

Download Submit
memory/2680-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2680-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2680-19-0x0000000000250000-0x0000000000383000-memory.dmp

Filesize
1.2MB

Download
memory/2680-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2680-25-0x0000000003670000-0x000000000389A000-memory.dmp

Filesize
2.2MB

Download
memory/2680-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2956-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2956-1-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2956-15-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/2956-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2956-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2956-31-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download