1fd73ba58f06fb6faa372bf7e403ddb23d80118a4c5cbe147b226132d7405827

Analysis

max time kernel
117s
max time network
131s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 02:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c0021e7077d1712550f06d923f1fd5f.exe
Size

1.5MB
MD5

0c0021e7077d1712550f06d923f1fd5f
SHA1

8c7b36962eac6e0b8df087a720d3d259bf618d4f
SHA256

1fd73ba58f06fb6faa372bf7e403ddb23d80118a4c5cbe147b226132d7405827
SHA512

cfd0a672d7dd38244d7a9a98aeb243781c2678b4566d9f64c4b48129cb10f424a365e5a0c398a087781947f97135e31f84328cd452a8450f75470de9ccf2fd62
SSDEEP

24576:6C3MKDDh2/fciYgLafBuqUMnAEQd1uxlvAkFddtgzqtILNOYsthH/NUH663AUM2S:P8KDDhi+fBuqUMnAEQqPAEdhWd2H/NU5

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2528	0c0021e7077d1712550f06d923f1fd5f.exe

Executes dropped EXE 1 IoCs

pid	Process
2528	0c0021e7077d1712550f06d923f1fd5f.exe

Loads dropped DLL 1 IoCs

pid	Process
1412	0c0021e7077d1712550f06d923f1fd5f.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1412-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a00000001220d-13.dat	upx
behavioral1/memory/2528-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a00000001220d-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1412	0c0021e7077d1712550f06d923f1fd5f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1412	0c0021e7077d1712550f06d923f1fd5f.exe
2528	0c0021e7077d1712550f06d923f1fd5f.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1412 wrote to memory of 2528	1412	0c0021e7077d1712550f06d923f1fd5f.exe	28
PID 1412 wrote to memory of 2528	1412	0c0021e7077d1712550f06d923f1fd5f.exe	28
PID 1412 wrote to memory of 2528	1412	0c0021e7077d1712550f06d923f1fd5f.exe	28
PID 1412 wrote to memory of 2528	1412	0c0021e7077d1712550f06d923f1fd5f.exe	28

C:\Users\Admin\AppData\Local\Temp\0c0021e7077d1712550f06d923f1fd5f.exe
"C:\Users\Admin\AppData\Local\Temp\0c0021e7077d1712550f06d923f1fd5f.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1412
- C:\Users\Admin\AppData\Local\Temp\0c0021e7077d1712550f06d923f1fd5f.exe
  C:\Users\Admin\AppData\Local\Temp\0c0021e7077d1712550f06d923f1fd5f.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0c0021e7077d1712550f06d923f1fd5f.exe

Filesize
320KB

MD5
4d6288e4989cbf638c913cb2ef6e11ea

SHA1
2588255afee7718c2a2ca1d7ef9b87054cbeee80

SHA256
0d58894bcb055b257576807da004e877249602a1aeb4055a6bb6add3faa81814

SHA512
43b39183a2fefaee289f7cfd1eadcf6f953dfc1921edf17e64c7ec3daeb431c8a4d33e5ced66d8d88a00c1328cd5e14f6f89d6680cad28c770e966169a207e76

Download Submit
\Users\Admin\AppData\Local\Temp\0c0021e7077d1712550f06d923f1fd5f.exe

Filesize
832KB

MD5
95680e7e37a4a9d2d2c9777f1af3ae1f

SHA1
13eaf9bba0710c37ecdf74d2f0760c3304dd3830

SHA256
504cde2bd39bf70da42b092df200f622b039174c701fd1c4bde576f986003643

SHA512
322725706b17a82a5e000b7e9ed97af45fa6f872743cacda9874fe12c0f3569700c93a5a5cc9f22bb5f61ea4eef7c8d9a95c6ed547542d110fb1e7d73ec00bd8

Download Submit
memory/1412-15-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/1412-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1412-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1412-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1412-31-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/1412-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2528-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2528-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2528-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2528-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2528-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2528-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download