edda1f75843df9a7fa61712ba133330248b20d0ed0d314ec11d2019750a73499

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 23:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1ffc2c26ab31b537d7899a9f031db5b6.exe
Size

10.7MB
MD5

1ffc2c26ab31b537d7899a9f031db5b6
SHA1

72d6e7350529d54db43ecc7fdaab04faa4ad2fae
SHA256

edda1f75843df9a7fa61712ba133330248b20d0ed0d314ec11d2019750a73499
SHA512

8c4bf2628de439499f37010ae4e73623beb4f487e4096e5d90ce1cd3cd850dbcd6287de084f7b42a21d5d0df31d4adf669e8185671a3429ec091dc94372aba9e
SSDEEP

196608:XYcQl6YrAsgdsODCF6B/rAsgVt8Cr0rAsgdsODCF6B/rAsg:Ixs6AcOW6A/rreAcOW6A

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3040	1ffc2c26ab31b537d7899a9f031db5b6.exe

Executes dropped EXE 1 IoCs

pid	Process
3040	1ffc2c26ab31b537d7899a9f031db5b6.exe

Loads dropped DLL 1 IoCs

pid	Process
2236	1ffc2c26ab31b537d7899a9f031db5b6.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2236-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000a000000012263-16.dat	upx
behavioral1/files/0x000a000000012263-11.dat	upx
behavioral1/memory/2236-15-0x00000000046B0000-0x0000000004B1A000-memory.dmp	upx
behavioral1/memory/3040-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2236	1ffc2c26ab31b537d7899a9f031db5b6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2236	1ffc2c26ab31b537d7899a9f031db5b6.exe
3040	1ffc2c26ab31b537d7899a9f031db5b6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 3040	2236	1ffc2c26ab31b537d7899a9f031db5b6.exe	28
PID 2236 wrote to memory of 3040	2236	1ffc2c26ab31b537d7899a9f031db5b6.exe	28
PID 2236 wrote to memory of 3040	2236	1ffc2c26ab31b537d7899a9f031db5b6.exe	28
PID 2236 wrote to memory of 3040	2236	1ffc2c26ab31b537d7899a9f031db5b6.exe	28

C:\Users\Admin\AppData\Local\Temp\1ffc2c26ab31b537d7899a9f031db5b6.exe
"C:\Users\Admin\AppData\Local\Temp\1ffc2c26ab31b537d7899a9f031db5b6.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Users\Admin\AppData\Local\Temp\1ffc2c26ab31b537d7899a9f031db5b6.exe
  C:\Users\Admin\AppData\Local\Temp\1ffc2c26ab31b537d7899a9f031db5b6.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1ffc2c26ab31b537d7899a9f031db5b6.exe

Filesize
78KB

MD5
36d89eb3f02e597a1e6fa1beeb07e165

SHA1
62ee86ed4180e2a596c2ce8c8b0e3706da15a4f8

SHA256
adb38789cf6a9bdae5a41c5de875a8083bceacc277e5f4d4e405789d381c5376

SHA512
197cbb9d8fa460cc242e39244bcc401999e67f1eabe37918dc38dfddc00fcad2073751a1740b9503d42534d54930a4bde180ca00b214b5f98e7283fd26ffb063

Download Submit
\Users\Admin\AppData\Local\Temp\1ffc2c26ab31b537d7899a9f031db5b6.exe

Filesize
99KB

MD5
6f2f2a18c56e9562a0735f1855063795

SHA1
b6067037614fc1aa83a80515374cd444efb5f995

SHA256
9f75e918abd30517949eb55044f007cf0ba868a3b57f0f5a7cdffa2090171da0

SHA512
8f0a32e27683d77e479f2dee1b9159ad8eb497a8e5192c172b9d7c3e252d6c2491f8b9fe9a0f4485e73c68ef88a8065b24dd1ab8c8348f5f07f89682026320ec

Download Submit
memory/2236-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2236-1-0x0000000000130000-0x0000000000242000-memory.dmp

Filesize
1.1MB

Download
memory/2236-2-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2236-15-0x00000000046B0000-0x0000000004B1A000-memory.dmp

Filesize
4.4MB

Download
memory/2236-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/3040-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/3040-19-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/3040-18-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/3040-26-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download