f23de5b9e9144d1b8b44bf91a17757c86764a03978db03ac957f9bb169fc8b1e

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 22:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ef9b0a05b7244fca8aeff84857dae4e.exe
Size

2.5MB
MD5

1ef9b0a05b7244fca8aeff84857dae4e
SHA1

cbab66bad1dc82eb03da5f6ae460698af51f8530
SHA256

f23de5b9e9144d1b8b44bf91a17757c86764a03978db03ac957f9bb169fc8b1e
SHA512

4865dbb74c834561bfcc4c0fe1a07541a6bac622a3de11f23640ce849a71c480ba46c6e210ca593eeaa3d866fb049d6ef0547de570c54bdc068cc7606521c2e6
SSDEEP

49152:uZiOQYnZxNIluS9oZwdUdSXNp8aFGN74NH5HUyNRcUsCVOzet8:uoOBn3NMuSmwdj8ac4HBUCczzx

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2160	1ef9b0a05b7244fca8aeff84857dae4e.exe

Executes dropped EXE 1 IoCs

pid	Process
2160	1ef9b0a05b7244fca8aeff84857dae4e.exe

Loads dropped DLL 1 IoCs

pid	Process
2848	1ef9b0a05b7244fca8aeff84857dae4e.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2848-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/2160-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/2848-15-0x0000000003880000-0x0000000003D6F000-memory.dmp	upx
behavioral1/files/0x000d000000012262-12.dat	upx
behavioral1/files/0x000d000000012262-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2848	1ef9b0a05b7244fca8aeff84857dae4e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2848	1ef9b0a05b7244fca8aeff84857dae4e.exe
2160	1ef9b0a05b7244fca8aeff84857dae4e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 2160	2848	1ef9b0a05b7244fca8aeff84857dae4e.exe	28
PID 2848 wrote to memory of 2160	2848	1ef9b0a05b7244fca8aeff84857dae4e.exe	28
PID 2848 wrote to memory of 2160	2848	1ef9b0a05b7244fca8aeff84857dae4e.exe	28
PID 2848 wrote to memory of 2160	2848	1ef9b0a05b7244fca8aeff84857dae4e.exe	28

C:\Users\Admin\AppData\Local\Temp\1ef9b0a05b7244fca8aeff84857dae4e.exe
"C:\Users\Admin\AppData\Local\Temp\1ef9b0a05b7244fca8aeff84857dae4e.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Users\Admin\AppData\Local\Temp\1ef9b0a05b7244fca8aeff84857dae4e.exe
  C:\Users\Admin\AppData\Local\Temp\1ef9b0a05b7244fca8aeff84857dae4e.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\1ef9b0a05b7244fca8aeff84857dae4e.exe

Filesize
92KB

MD5
1812befb76577a8730c4b1d01b972801

SHA1
5862a1a99a13388ce254a0f664fa15db57022fd1

SHA256
831fc89aaaac9b06f99f084d67d853b90ee7f8c492b8ff72d2baf60d177f21d1

SHA512
5fea8743e3fd8c6c93401ab5577bac123ce25a9716ff7cb10138d0112279a640fd67646b4ba3ed57159804503f05ec9ef82178fe65e65ad69f76b7208e5232f6

Download Submit
memory/2160-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2160-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2160-18-0x0000000000280000-0x00000000003B3000-memory.dmp

Filesize
1.2MB

Download
memory/2160-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2160-24-0x0000000003510000-0x000000000373A000-memory.dmp

Filesize
2.2MB

Download
memory/2160-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2848-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2848-15-0x0000000003880000-0x0000000003D6F000-memory.dmp

Filesize
4.9MB

Download
memory/2848-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2848-3-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2848-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2848-31-0x0000000003880000-0x0000000003D6F000-memory.dmp

Filesize
4.9MB

Download