741fdc14daeefd9bb35c53bb17bcc5145622dd27e3bdf9fde97639ae66b0d5c5

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 23:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20417d89dc8a27dd8d0e8ec1e37f97ba.exe
Size

2.9MB
MD5

20417d89dc8a27dd8d0e8ec1e37f97ba
SHA1

fbbcd346226ec30c2390eeb4519a2de46a95e613
SHA256

741fdc14daeefd9bb35c53bb17bcc5145622dd27e3bdf9fde97639ae66b0d5c5
SHA512

fced2fd71b973d973c0156638182532b18b5c829c4b966f222ab10daf3c330053a77df495205700772340d1fbf6426dd78bdb8ce394ae04d0f70e05e7d0f12cf
SSDEEP

49152:xnguqq8Uxfz2kjojtdFeTxKTXiN74NH5HUyNRcUsCVOzetdZJ:xgtoxfzV6FeNKji4HBUCczzM3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2692	20417d89dc8a27dd8d0e8ec1e37f97ba.exe

Executes dropped EXE 1 IoCs

pid	Process
2692	20417d89dc8a27dd8d0e8ec1e37f97ba.exe

Loads dropped DLL 1 IoCs

pid	Process
1352	20417d89dc8a27dd8d0e8ec1e37f97ba.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1352-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0007000000012284-10.dat	upx
behavioral1/files/0x0007000000012284-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1352	20417d89dc8a27dd8d0e8ec1e37f97ba.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1352	20417d89dc8a27dd8d0e8ec1e37f97ba.exe
2692	20417d89dc8a27dd8d0e8ec1e37f97ba.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 2692	1352	20417d89dc8a27dd8d0e8ec1e37f97ba.exe	28
PID 1352 wrote to memory of 2692	1352	20417d89dc8a27dd8d0e8ec1e37f97ba.exe	28
PID 1352 wrote to memory of 2692	1352	20417d89dc8a27dd8d0e8ec1e37f97ba.exe	28
PID 1352 wrote to memory of 2692	1352	20417d89dc8a27dd8d0e8ec1e37f97ba.exe	28

C:\Users\Admin\AppData\Local\Temp\20417d89dc8a27dd8d0e8ec1e37f97ba.exe
"C:\Users\Admin\AppData\Local\Temp\20417d89dc8a27dd8d0e8ec1e37f97ba.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Users\Admin\AppData\Local\Temp\20417d89dc8a27dd8d0e8ec1e37f97ba.exe
  C:\Users\Admin\AppData\Local\Temp\20417d89dc8a27dd8d0e8ec1e37f97ba.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\20417d89dc8a27dd8d0e8ec1e37f97ba.exe

Filesize
410KB

MD5
73c2e9e7ac53e0e39535f7b3bba0c962

SHA1
a20320ec2e6946cd1914b4e9a5186a10fac9abdf

SHA256
d30845ac8ab79afaab95b8491b96e774a464bddf353351c4589ab6f835817726

SHA512
f6fbb2e4ba7692c253578d41e1057a5163cb1ecb96b55e04f18adb737580393685daeb5c46100e0673dc20bfbcfb0ced5c9508debbfd3e77e0e188ce751df38d

Download Submit
\Users\Admin\AppData\Local\Temp\20417d89dc8a27dd8d0e8ec1e37f97ba.exe

Filesize
446KB

MD5
52b8dcabc5e61dbd9ebe9ad5b10e18b6

SHA1
b572fca853d33dc5a9581390295089ad6f53d690

SHA256
16429b5d9fd48cf3928ee3fe8ddd78948f276a6fb881b6e94ac58fb0dc70cd58

SHA512
71794c4095337b1e37ad7806e84779c8e0913114a45ef39bd4a1484ab2b6408d1e29fa4c8cdaa4653f282154fd8ed1b79efff18f7a62797cf9a5cc15d6d6d1be

Download Submit
memory/1352-15-0x0000000003980000-0x0000000003E6F000-memory.dmp

Filesize
4.9MB

Download
memory/1352-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1352-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1352-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1352-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2692-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2692-17-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2692-20-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2692-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2692-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2692-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download