8742b1e29a76241eb6922566daa29ca63e58b44ee4462257cf859f21dba2d64c

Analysis

max time kernel
122s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 00:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

090de8bc81e25fa7bef4385d7d361c16.exe
Size

2.9MB
MD5

090de8bc81e25fa7bef4385d7d361c16
SHA1

c72535e0e6281f5ea420ee52f88fc9facc578210
SHA256

8742b1e29a76241eb6922566daa29ca63e58b44ee4462257cf859f21dba2d64c
SHA512

8c7728b75736ed39d760fd41f89db91dbdb4b34a4752875810d0b92729a3d1074ebcf7f849dd0ce9a27fd766c09c468401c2bb75f4088f8d9d65f225a24d377c
SSDEEP

49152:NURK5DkQF2VWfIERWxSsD4tTXMmTP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:KIDkeKWfIq2T8gg3gnl/IVUs1jePs

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2668	090de8bc81e25fa7bef4385d7d361c16.exe

Executes dropped EXE 1 IoCs

pid	Process
2668	090de8bc81e25fa7bef4385d7d361c16.exe

Loads dropped DLL 1 IoCs

pid	Process
2248	090de8bc81e25fa7bef4385d7d361c16.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2248-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/2668-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012266-13.dat	upx
behavioral1/files/0x0009000000012266-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2248	090de8bc81e25fa7bef4385d7d361c16.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2248	090de8bc81e25fa7bef4385d7d361c16.exe
2668	090de8bc81e25fa7bef4385d7d361c16.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2668	2248	090de8bc81e25fa7bef4385d7d361c16.exe	20
PID 2248 wrote to memory of 2668	2248	090de8bc81e25fa7bef4385d7d361c16.exe	20
PID 2248 wrote to memory of 2668	2248	090de8bc81e25fa7bef4385d7d361c16.exe	20
PID 2248 wrote to memory of 2668	2248	090de8bc81e25fa7bef4385d7d361c16.exe	20

C:\Users\Admin\AppData\Local\Temp\090de8bc81e25fa7bef4385d7d361c16.exe
"C:\Users\Admin\AppData\Local\Temp\090de8bc81e25fa7bef4385d7d361c16.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Users\Admin\AppData\Local\Temp\090de8bc81e25fa7bef4385d7d361c16.exe
  C:\Users\Admin\AppData\Local\Temp\090de8bc81e25fa7bef4385d7d361c16.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\090de8bc81e25fa7bef4385d7d361c16.exe

Filesize
31KB

MD5
d784d938d2df03e5ce97e6a710c4b775

SHA1
61b14f4dcb9a02557f20adf179ce52de1c21afa9

SHA256
3bc2b2b2f2f3cd7228872a5a5187fceed069083359fcda80f5bf40b34e1d5953

SHA512
8db0d599a98ab5913dae8304b748b478ee348adc5adca579b3d36b2c62ce9ccd0183ad5799676efea0dd4a9e5afeb5a6478b3422c96ac5ca2604d52435f471ca

Download Submit
\Users\Admin\AppData\Local\Temp\090de8bc81e25fa7bef4385d7d361c16.exe

Filesize
90KB

MD5
cf67fa52b4d0f5b96c6dc09ed20a227e

SHA1
e7ea466122f4a02f6ea2570b2d847b10dcbda161

SHA256
14957ea18ba487d4e2bca2e55218b588f5bf776f0e973527e888d43b04ba7aa8

SHA512
6e157ae5f47a084ba6a74389315105c5c8ab29d464e17160cd4dc831c6f5ae7545a94e784967571a5bf26fbac5c2ad79bf5d7d8e1366a91522b7ff2add2cb46d

Download Submit
memory/2248-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2248-15-0x00000000038A0000-0x0000000003D8F000-memory.dmp

Filesize
4.9MB

Download
memory/2248-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2248-2-0x0000000000230000-0x0000000000363000-memory.dmp

Filesize
1.2MB

Download
memory/2248-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2248-31-0x00000000038A0000-0x0000000003D8F000-memory.dmp

Filesize
4.9MB

Download
memory/2668-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2668-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2668-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2668-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2668-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2668-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download