20e11dc4046f6fd5e5013684e5663a37d3e0bc7da1895d81e3b27426f2c44eb8

Analysis

max time kernel
120s
max time network
161s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 20:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

035ba4837bf9df3cb02ab60942704b27.exe
Size

9.1MB
MD5

035ba4837bf9df3cb02ab60942704b27
SHA1

e2e4527430dabcb2b316f9c2a84411e737655dbf
SHA256

20e11dc4046f6fd5e5013684e5663a37d3e0bc7da1895d81e3b27426f2c44eb8
SHA512

2ea4a74aa1e98f4365b0d3a5d79346ab717db76e5f6be21177a07a9e8be7c652785d546c81302448c6a04e1634f2e1ccd5341019c8368dc20d51993892fafda5
SSDEEP

196608:byM3DqJrSFLgl/iBYJa7QSVtzItgl/iB+B2mgl/iBYJa7QSVtzItgl/iB0:b5uJmFL2i+aUSm2ioX2i+aUSm2i0

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2972	035ba4837bf9df3cb02ab60942704b27.exe

Executes dropped EXE 1 IoCs

pid	Process
2972	035ba4837bf9df3cb02ab60942704b27.exe

Loads dropped DLL 1 IoCs

pid	Process
2712	035ba4837bf9df3cb02ab60942704b27.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2712-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012262-15.dat	upx
behavioral1/files/0x000b000000012262-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2712	035ba4837bf9df3cb02ab60942704b27.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2712	035ba4837bf9df3cb02ab60942704b27.exe
2972	035ba4837bf9df3cb02ab60942704b27.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 2972	2712	035ba4837bf9df3cb02ab60942704b27.exe	27
PID 2712 wrote to memory of 2972	2712	035ba4837bf9df3cb02ab60942704b27.exe	27
PID 2712 wrote to memory of 2972	2712	035ba4837bf9df3cb02ab60942704b27.exe	27
PID 2712 wrote to memory of 2972	2712	035ba4837bf9df3cb02ab60942704b27.exe	27

C:\Users\Admin\AppData\Local\Temp\035ba4837bf9df3cb02ab60942704b27.exe
"C:\Users\Admin\AppData\Local\Temp\035ba4837bf9df3cb02ab60942704b27.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Users\Admin\AppData\Local\Temp\035ba4837bf9df3cb02ab60942704b27.exe
  C:\Users\Admin\AppData\Local\Temp\035ba4837bf9df3cb02ab60942704b27.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\035ba4837bf9df3cb02ab60942704b27.exe

Filesize
70KB

MD5
57c41a83dc3bbd231e93528a833b7497

SHA1
ec2aa236a5e8da40df0f0c6a513f9b41d2d975b8

SHA256
73cef3a06719826949a9198db03b3385829d194e6ce60d53ccab78e8bd1a448b

SHA512
46cb125a83728ce16d959c15681467c6c13796b3954faf3d975834383ac999bcdf9b5a29cf54f3a96958cfc25ee5c5aa67e5d0cf0c2121e0bfb07d6350719885

Download Submit
\Users\Admin\AppData\Local\Temp\035ba4837bf9df3cb02ab60942704b27.exe

Filesize
771KB

MD5
14bab24b84f2c6d79df192e7408b0634

SHA1
688ed2ec3cf5f14e2cac3f49f3cc51f4b00736a2

SHA256
d188add3523cb8a00dff3ef79077f7da62ccb54841b05f60169403a4d4d7b07c

SHA512
b9c792e6eeeee89bff837167ccff68ea557695583177c3784f506c5db17eca052a21524fb4dca3eb1ced2cdc7f493c638d3e46b830b13820aa55b923046d928d

Download Submit
memory/2712-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2712-1-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2712-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2712-14-0x0000000004430000-0x000000000491F000-memory.dmp

Filesize
4.9MB

Download
memory/2712-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2972-19-0x0000000000290000-0x00000000003C3000-memory.dmp

Filesize
1.2MB

Download
memory/2972-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2972-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2972-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2972-25-0x0000000003520000-0x000000000374A000-memory.dmp

Filesize
2.2MB

Download
memory/2972-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download