f5f858fc212917d8b4b554ccf41a751e49a7b86508af08b5d7aa9177af23dcdd

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 01:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

09a7c25d3274aa2b6efe782eb844a96f.exe
Size

2.7MB
MD5

09a7c25d3274aa2b6efe782eb844a96f
SHA1

9c5e4a9bb133b9698bd822574c606e36ad5d6d6e
SHA256

f5f858fc212917d8b4b554ccf41a751e49a7b86508af08b5d7aa9177af23dcdd
SHA512

b923dc63765ea4c16a1b36fcc39a270af76a15f67341c474eae1e9a174a43854db134e28eb40972a458f80d69a8b954ca4acb2565106437a6e15bcc27038f7b9
SSDEEP

49152:ppS/LSo0svZR/Bx1/ltvVsCIQR8cgLOJxdxRxhFQVwwQPp:ppSDx0sbL7lVsWgLud+Vwwmp

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2864	09a7c25d3274aa2b6efe782eb844a96f.exe

Executes dropped EXE 1 IoCs

pid	Process
2864	09a7c25d3274aa2b6efe782eb844a96f.exe

Loads dropped DLL 1 IoCs

pid	Process
1684	09a7c25d3274aa2b6efe782eb844a96f.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1684-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012251-14.dat	upx
behavioral1/files/0x000b000000012251-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1684	09a7c25d3274aa2b6efe782eb844a96f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1684	09a7c25d3274aa2b6efe782eb844a96f.exe
2864	09a7c25d3274aa2b6efe782eb844a96f.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 2864	1684	09a7c25d3274aa2b6efe782eb844a96f.exe	28
PID 1684 wrote to memory of 2864	1684	09a7c25d3274aa2b6efe782eb844a96f.exe	28
PID 1684 wrote to memory of 2864	1684	09a7c25d3274aa2b6efe782eb844a96f.exe	28
PID 1684 wrote to memory of 2864	1684	09a7c25d3274aa2b6efe782eb844a96f.exe	28

C:\Users\Admin\AppData\Local\Temp\09a7c25d3274aa2b6efe782eb844a96f.exe
"C:\Users\Admin\AppData\Local\Temp\09a7c25d3274aa2b6efe782eb844a96f.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Users\Admin\AppData\Local\Temp\09a7c25d3274aa2b6efe782eb844a96f.exe
  C:\Users\Admin\AppData\Local\Temp\09a7c25d3274aa2b6efe782eb844a96f.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\09a7c25d3274aa2b6efe782eb844a96f.exe

Filesize
381KB

MD5
330add73c5edeb9c959aabee20b77500

SHA1
d00e29cccc19bfaf2dc0198aeeeee4367ac5dee9

SHA256
682f0abf426915ac0c33d66f7dd06b57ef91b0b5989ada137fd76dc13e6b9f7b

SHA512
57aec3ab0acf73df484dbbe5fa4d66a8b9cadffc883f9a3efa58f08cdde66d04501c838f298248ff9723beb4a564e0f25d5542a5a5990c70d1273370de33b040

Download Submit
\Users\Admin\AppData\Local\Temp\09a7c25d3274aa2b6efe782eb844a96f.exe

Filesize
93KB

MD5
5c4c21c96b1dac6a95f838d45253bfc3

SHA1
5ea95aa103805bbdf8659600d5180c2d573de1e1

SHA256
180d9c36daa39ae4a1c098a33aaceef38cb96bbc85e069fc92100a4d7669b585

SHA512
e50068987394e9d832c9c696264963ef74b52cb5e1c30863dce0b490c12aa93aa09e5c4344b3dfcd322e951543287b3b3fe7d4fb6b9abe050ba87af7d6c783d2

Download Submit
memory/1684-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1684-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1684-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1684-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1684-17-0x0000000003770000-0x0000000003C5F000-memory.dmp

Filesize
4.9MB

Download
memory/1684-32-0x0000000003770000-0x0000000003C5F000-memory.dmp

Filesize
4.9MB

Download
memory/2864-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2864-22-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2864-27-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2864-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2864-33-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2864-20-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download