e0eed2591854e891918ace5a80ed31a2274f1dd206e1beb03eadacf639df64ca

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 23:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20879479e4f46888a7bb5d6a3a946900.exe
Size

2.9MB
MD5

20879479e4f46888a7bb5d6a3a946900
SHA1

ef0cef3bf3c680599fe477f1ec34585571a2bf48
SHA256

e0eed2591854e891918ace5a80ed31a2274f1dd206e1beb03eadacf639df64ca
SHA512

f381398b842b02b24b12c7592f8253c89ed721efef63d340f2830063256a9309c5cd7c2906ca9f11a227596bdbab57a593baff38e746dea21653c26aaaf688ed
SSDEEP

49152:Iw7xM9pM/UBMaBjndAPGITVCD5P4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:vsM/UFlni6D5gg3gnl/IVUs1jePs

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2540	20879479e4f46888a7bb5d6a3a946900.exe

Executes dropped EXE 1 IoCs

pid	Process
2540	20879479e4f46888a7bb5d6a3a946900.exe

Loads dropped DLL 1 IoCs

pid	Process
2204	20879479e4f46888a7bb5d6a3a946900.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2204-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x00070000000122c4-12.dat	upx
behavioral1/files/0x00070000000122c4-14.dat	upx
behavioral1/files/0x00070000000122c4-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2204	20879479e4f46888a7bb5d6a3a946900.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2204	20879479e4f46888a7bb5d6a3a946900.exe
2540	20879479e4f46888a7bb5d6a3a946900.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2540	2204	20879479e4f46888a7bb5d6a3a946900.exe	28
PID 2204 wrote to memory of 2540	2204	20879479e4f46888a7bb5d6a3a946900.exe	28
PID 2204 wrote to memory of 2540	2204	20879479e4f46888a7bb5d6a3a946900.exe	28
PID 2204 wrote to memory of 2540	2204	20879479e4f46888a7bb5d6a3a946900.exe	28

C:\Users\Admin\AppData\Local\Temp\20879479e4f46888a7bb5d6a3a946900.exe
"C:\Users\Admin\AppData\Local\Temp\20879479e4f46888a7bb5d6a3a946900.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Users\Admin\AppData\Local\Temp\20879479e4f46888a7bb5d6a3a946900.exe
  C:\Users\Admin\AppData\Local\Temp\20879479e4f46888a7bb5d6a3a946900.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\20879479e4f46888a7bb5d6a3a946900.exe

Filesize
250KB

MD5
b8cf28cae16c663998efaf12d5821ff6

SHA1
84ff5f0f411927999e36651f68503ec462a8fe32

SHA256
29596755a232d9b1f978c5c82101e6ec20f78bfa60d0db803bc01842cfc2aeae

SHA512
4526d550f69a15078d088c2fccf9f793e51f5cdb3928b5ad5a0e293ccf814ce77ec30a71ce0532ccf35f8fd50e8a0eb6aeb8eeb8c28daa7ccf2398d1c19f6bef

Download Submit
C:\Users\Admin\AppData\Local\Temp\20879479e4f46888a7bb5d6a3a946900.exe

Filesize
166KB

MD5
c6899906bf53172e1c1b1b1f498627f0

SHA1
c1abdd85a733c9b3ccb01e741d1357a231280665

SHA256
82fd45318087b152dcb194bf227bdeab868de84d065a3f4ba39c9095ab4de785

SHA512
2e4eab64381a7e591abc791cc570cc49d454c20ff6259358998a5ad3fc3fedd7246037b018edfc5329685333f7396fdfd253d9a45ecb1a89183bfda25e5b795a

Download Submit
\Users\Admin\AppData\Local\Temp\20879479e4f46888a7bb5d6a3a946900.exe

Filesize
448KB

MD5
8bc2e96ae94a7927875fb40f49f29549

SHA1
f867c301489fe785a3a0d98d455ca291dfa6a166

SHA256
99f84cb46937557d7bbce15a65f081ed721bef9ada890526b027b23f3c66dfca

SHA512
190e90689b6a9a1e9364c5acde236fc33019af53efa96421f6994cd953220530c28d2fbe7b8114eea969c41b14268e76b9967417a0881e4e3a45d61cb7c445ca

Download Submit
memory/2204-3-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2204-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2204-16-0x00000000037E0000-0x0000000003CCF000-memory.dmp

Filesize
4.9MB

Download
memory/2204-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2204-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2540-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2540-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2540-20-0x0000000000280000-0x00000000003B3000-memory.dmp

Filesize
1.2MB

Download
memory/2540-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2540-25-0x0000000003510000-0x000000000373A000-memory.dmp

Filesize
2.2MB

Download
memory/2540-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download