533d962d2084f6306f40dca33c5a5a0a8408e61adc24b95fb13fccc161d178d7

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 22:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e1bb50d1b247baf60f2243e42760efd.exe
Size

1010KB
MD5

1e1bb50d1b247baf60f2243e42760efd
SHA1

dce135f07d0e3263f586778b0ed2608863ba423a
SHA256

533d962d2084f6306f40dca33c5a5a0a8408e61adc24b95fb13fccc161d178d7
SHA512

5d70940a91bcbaceb1f97f37a2ede74afed15b78728ed7d02ebb4e2f6c18b536d2d8e3fee21ceee61332dac3dac7f95cb890419958213e293bd11c9762c931f0
SSDEEP

12288:Vnjp8km4egkhfFYTfm6hiYc5plDFwrilMiYTfm:jvmfBmfduvlB7lbmf

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2400	1e1bb50d1b247baf60f2243e42760efd.exe

Executes dropped EXE 1 IoCs

pid	Process
2400	1e1bb50d1b247baf60f2243e42760efd.exe

Loads dropped DLL 1 IoCs

pid	Process
2496	1e1bb50d1b247baf60f2243e42760efd.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2496-0-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral1/files/0x000b000000012243-10.dat	upx
behavioral1/memory/2400-17-0x0000000000400000-0x00000000004F1000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2496	1e1bb50d1b247baf60f2243e42760efd.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2496	1e1bb50d1b247baf60f2243e42760efd.exe
2400	1e1bb50d1b247baf60f2243e42760efd.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 2400	2496	1e1bb50d1b247baf60f2243e42760efd.exe	29
PID 2496 wrote to memory of 2400	2496	1e1bb50d1b247baf60f2243e42760efd.exe	29
PID 2496 wrote to memory of 2400	2496	1e1bb50d1b247baf60f2243e42760efd.exe	29
PID 2496 wrote to memory of 2400	2496	1e1bb50d1b247baf60f2243e42760efd.exe	29

C:\Users\Admin\AppData\Local\Temp\1e1bb50d1b247baf60f2243e42760efd.exe
"C:\Users\Admin\AppData\Local\Temp\1e1bb50d1b247baf60f2243e42760efd.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Users\Admin\AppData\Local\Temp\1e1bb50d1b247baf60f2243e42760efd.exe
  C:\Users\Admin\AppData\Local\Temp\1e1bb50d1b247baf60f2243e42760efd.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\1e1bb50d1b247baf60f2243e42760efd.exe

Filesize
1010KB

MD5
512bf2b1498fc38f656d9513fbbec28f

SHA1
833268c8e82a0d69a0e11dfda4124e554c6abc1f

SHA256
4597d3e207c3fd95a5ba656d0d0f482f396e2d42e987a9f1928ce6ba5e7745f2

SHA512
21fd050e146defcabac76eb0ecbbe7cd1514813177c3967ed1fe81fdb1424e1576e06d793a49ba9d55463d78643e95fed0fc7d8a3619764b6b444d46f6c2dc6a

Download Submit
memory/2400-25-0x00000000003A0000-0x00000000003F0000-memory.dmp

Filesize
320KB

Download
memory/2400-17-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2400-18-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2400-19-0x0000000000190000-0x00000000001C3000-memory.dmp

Filesize
204KB

Download
memory/2400-24-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2400-32-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2496-2-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2496-1-0x0000000000170000-0x00000000001A3000-memory.dmp

Filesize
204KB

Download
memory/2496-15-0x0000000000300000-0x00000000003F1000-memory.dmp

Filesize
964KB

Download
memory/2496-14-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2496-0-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2496-31-0x0000000000300000-0x00000000003F1000-memory.dmp

Filesize
964KB

Download