4600dc9ab10641f692ea29b2bf5f3d3df8a2f48aa763415fd9fc61c87d7a3209

Analysis

max time kernel
117s
max time network
155s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 22:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ea1ade6b33221de9f6d9a5915c6c41c.exe
Size

5.8MB
MD5

1ea1ade6b33221de9f6d9a5915c6c41c
SHA1

1bd1198dfd9e2d0560011536c2c986cc57a43ac5
SHA256

4600dc9ab10641f692ea29b2bf5f3d3df8a2f48aa763415fd9fc61c87d7a3209
SHA512

7b51f91499e6e7c6c9bbccd9fc02e4803ada749663a13f45632083580e735b22db2d5e94846e137dded7e02c30c326ddb8600a835c62d87c3884462b3485e8e0
SSDEEP

98304:c9OJQBmROtekO4HBUCczzM3ttrsR3BxnY3EAp4HBUCczzM3:c9Igm6WCxh+3XY4WC

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2856	1ea1ade6b33221de9f6d9a5915c6c41c.exe

Executes dropped EXE 1 IoCs

pid	Process
2856	1ea1ade6b33221de9f6d9a5915c6c41c.exe

Loads dropped DLL 1 IoCs

pid	Process
2076	1ea1ade6b33221de9f6d9a5915c6c41c.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2076-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000012260-14.dat	upx
behavioral1/memory/2076-15-0x0000000003ED0000-0x00000000043BF000-memory.dmp	upx
behavioral1/memory/2856-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000012260-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2076	1ea1ade6b33221de9f6d9a5915c6c41c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2076	1ea1ade6b33221de9f6d9a5915c6c41c.exe
2856	1ea1ade6b33221de9f6d9a5915c6c41c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2856	2076	1ea1ade6b33221de9f6d9a5915c6c41c.exe	27
PID 2076 wrote to memory of 2856	2076	1ea1ade6b33221de9f6d9a5915c6c41c.exe	27
PID 2076 wrote to memory of 2856	2076	1ea1ade6b33221de9f6d9a5915c6c41c.exe	27
PID 2076 wrote to memory of 2856	2076	1ea1ade6b33221de9f6d9a5915c6c41c.exe	27

C:\Users\Admin\AppData\Local\Temp\1ea1ade6b33221de9f6d9a5915c6c41c.exe
"C:\Users\Admin\AppData\Local\Temp\1ea1ade6b33221de9f6d9a5915c6c41c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Users\Admin\AppData\Local\Temp\1ea1ade6b33221de9f6d9a5915c6c41c.exe
  C:\Users\Admin\AppData\Local\Temp\1ea1ade6b33221de9f6d9a5915c6c41c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1ea1ade6b33221de9f6d9a5915c6c41c.exe

Filesize
192KB

MD5
1418de3fccb33a874502d28de1c6b981

SHA1
cc1795d5f7b0343ba133f04510bf275f2196c05b

SHA256
6ccbe4adae8363fbff2f721921f26d5418ee62de8cb218d5d95ec31cc0f1c944

SHA512
5bc029e83257ddcff0c3ba82d88cbb3324ee10e90c302fca4b88272c800f3a3cc64f99b645a691ea4389c79e0bc62067355a5d98e903de4cf8b45f64755baf8c

Download Submit
\Users\Admin\AppData\Local\Temp\1ea1ade6b33221de9f6d9a5915c6c41c.exe

Filesize
329KB

MD5
fc823fe1b582fb022f46d320a30db628

SHA1
e5fe8c639bdadf1770aea6ee47f67809b4d19bbb

SHA256
132c14127575378076ffda4fd0d394f2d88e36a682f378f23b74c90130955acc

SHA512
f5a7d6847ffc39dbb6fbf038a05f17ca50e04d01130dbd4bfca7276e8b6210407067e56cb1cef8344b040a3c38f3912c850064cf822b26542bce0e87086b6d0f

Download Submit
memory/2076-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2076-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2076-2-0x0000000000280000-0x00000000003B3000-memory.dmp

Filesize
1.2MB

Download
memory/2076-15-0x0000000003ED0000-0x00000000043BF000-memory.dmp

Filesize
4.9MB

Download
memory/2076-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2076-33-0x0000000003ED0000-0x00000000043BF000-memory.dmp

Filesize
4.9MB

Download
memory/2856-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2856-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2856-17-0x0000000000260000-0x0000000000393000-memory.dmp

Filesize
1.2MB

Download
memory/2856-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2856-25-0x00000000034F0000-0x000000000371A000-memory.dmp

Filesize
2.2MB

Download
memory/2856-34-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download