3bf8f114cae4af01e2eb3a0f0ee13ebf678fdc039a7f92053f612cd1723b5269

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 00:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0897fc15dab686aefb5ad0ef2a153aa8.exe
Size

2.4MB
MD5

0897fc15dab686aefb5ad0ef2a153aa8
SHA1

2ac7d1e589bd2d9d7970ebe004119bbadf88b4b4
SHA256

3bf8f114cae4af01e2eb3a0f0ee13ebf678fdc039a7f92053f612cd1723b5269
SHA512

d17a8a93da1dc1734d51f256661d7e452cfb50b5b2f573dd0f6da312d34223c8463fae8f3d91657f7d914335352b9d26a9a8075ad1773136539c408f0ffe7b29
SSDEEP

49152:w5mmc0Ng/j2tFwKZrae+jnYyrtxr1hTWZ29P4M338dB2IBlGuuDVUsdxxjr:WmmvNsatFWev0P1Iogg3gnl/IVUs1jr

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2128	0897fc15dab686aefb5ad0ef2a153aa8.exe

Executes dropped EXE 1 IoCs

pid	Process
2128	0897fc15dab686aefb5ad0ef2a153aa8.exe

Loads dropped DLL 1 IoCs

pid	Process
2004	0897fc15dab686aefb5ad0ef2a153aa8.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000a000000014825-15.dat	upx
behavioral1/files/0x000a000000014825-12.dat	upx
behavioral1/files/0x000a000000014825-10.dat	upx
behavioral1/memory/2004-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2004	0897fc15dab686aefb5ad0ef2a153aa8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2004	0897fc15dab686aefb5ad0ef2a153aa8.exe
2128	0897fc15dab686aefb5ad0ef2a153aa8.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 2128	2004	0897fc15dab686aefb5ad0ef2a153aa8.exe	17
PID 2004 wrote to memory of 2128	2004	0897fc15dab686aefb5ad0ef2a153aa8.exe	17
PID 2004 wrote to memory of 2128	2004	0897fc15dab686aefb5ad0ef2a153aa8.exe	17
PID 2004 wrote to memory of 2128	2004	0897fc15dab686aefb5ad0ef2a153aa8.exe	17

C:\Users\Admin\AppData\Local\Temp\0897fc15dab686aefb5ad0ef2a153aa8.exe
"C:\Users\Admin\AppData\Local\Temp\0897fc15dab686aefb5ad0ef2a153aa8.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Users\Admin\AppData\Local\Temp\0897fc15dab686aefb5ad0ef2a153aa8.exe
  C:\Users\Admin\AppData\Local\Temp\0897fc15dab686aefb5ad0ef2a153aa8.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0897fc15dab686aefb5ad0ef2a153aa8.exe

Filesize
347KB

MD5
13258e2c53fdf8aec1080e6931be84e7

SHA1
5a268d022ee3101881eabbdb8ff488049207a4de

SHA256
092cd018113c8b1ec2552e8e4f9447666372bcbeb1e31e4bdcbd3d1db82e6f8e

SHA512
79ce20e150f2c842f8aebd231f8ba79ee9fe779b1f7f33d62e2f4ba89087e38422a671e0f545ad5d03ad8ebbb924b9a80044ed4d94c704fdd217939855b2b654

Download Submit
\Users\Admin\AppData\Local\Temp\0897fc15dab686aefb5ad0ef2a153aa8.exe

Filesize
93KB

MD5
4303e599d7f1cd82bc3a156775176dae

SHA1
56ba3c0d52bcd040b6a7a92bccc02c3892fcffad

SHA256
50d96560ff38f95a28b1151d3d493d3cb113240e87e95f3a7db83e0cdbc3d54c

SHA512
1bee4f881701b2bc631c404aa4efa0e8e8f8cff26f6fbbeee198f61e66d557e5067efac566a3dcf478799c24b8826b160eeca08fc57c53f14091a2403f56c99e

Download Submit
memory/2004-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2004-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2004-31-0x0000000003850000-0x0000000003D3F000-memory.dmp

Filesize
4.9MB

Download
memory/2004-2-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2004-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2004-14-0x0000000003850000-0x0000000003D3F000-memory.dmp

Filesize
4.9MB

Download
memory/2128-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2128-20-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2128-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2128-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2128-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2128-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download