e7dc28ccca42632391d0186da5921cc6c6a95eb36018f3f08ab6dea05e19eae0

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 01:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0abb7d6d0645959eb21739eb75aaeb65.exe
Size

1.3MB
MD5

0abb7d6d0645959eb21739eb75aaeb65
SHA1

1918d8ff74d56bf8734be99217946bddbce43ca4
SHA256

e7dc28ccca42632391d0186da5921cc6c6a95eb36018f3f08ab6dea05e19eae0
SHA512

a95c4d0318522a05e9f83d9b8e27e66748fa40afa2519411122370067bc3d8a0e6f042c387f6dcbc4860d9759704db283b670170ccaf055ebf817b38e527b7e4
SSDEEP

24576:3Q9hVxyHCRRmQgr25dwam2iQhhiNzDmQq0T6+tHkv+Pd2rwFxYWc:g9hBRRmQga5d82hh0V80T9FzewTYp

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2324	0abb7d6d0645959eb21739eb75aaeb65.exe

Executes dropped EXE 1 IoCs

pid	Process
2324	0abb7d6d0645959eb21739eb75aaeb65.exe

Loads dropped DLL 1 IoCs

pid	Process
2288	0abb7d6d0645959eb21739eb75aaeb65.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2288-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000014abe-15.dat	upx
behavioral1/memory/2324-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000014abe-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2288	0abb7d6d0645959eb21739eb75aaeb65.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2288	0abb7d6d0645959eb21739eb75aaeb65.exe
2324	0abb7d6d0645959eb21739eb75aaeb65.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 2324	2288	0abb7d6d0645959eb21739eb75aaeb65.exe	17
PID 2288 wrote to memory of 2324	2288	0abb7d6d0645959eb21739eb75aaeb65.exe	17
PID 2288 wrote to memory of 2324	2288	0abb7d6d0645959eb21739eb75aaeb65.exe	17
PID 2288 wrote to memory of 2324	2288	0abb7d6d0645959eb21739eb75aaeb65.exe	17

C:\Users\Admin\AppData\Local\Temp\0abb7d6d0645959eb21739eb75aaeb65.exe
"C:\Users\Admin\AppData\Local\Temp\0abb7d6d0645959eb21739eb75aaeb65.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Users\Admin\AppData\Local\Temp\0abb7d6d0645959eb21739eb75aaeb65.exe
  C:\Users\Admin\AppData\Local\Temp\0abb7d6d0645959eb21739eb75aaeb65.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0abb7d6d0645959eb21739eb75aaeb65.exe

Filesize
1.3MB

MD5
728a2fbfc108a450230f54665638268d

SHA1
42afbea35a437a7be2bdcd076a341a95aa2862c4

SHA256
af50c2d0694087b68d11795f8abf9221146621e36c37d6b90d0b70bb31fdabc2

SHA512
fb8eb6429715cb4b01311306594e771da7e27a9826524b318a0dde7adc1e772f77feb94513c565aa4bba806b75ec1359ce0bbb9635101f4b7e10f6c754d314ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\0abb7d6d0645959eb21739eb75aaeb65.exe

Filesize
116KB

MD5
441c99cd5bd72f972c9688e7d3804728

SHA1
d42e270c524fffa492c5bae2ac59e06eba60992c

SHA256
bc129f21f899d40add28c79621cba493fa2aee66d0ac541b44cc98535780789e

SHA512
242ab273aec94d489fb064bd042f51ed34b285d16d4d319a164c76a34b513b456afcc7d06b10dd13c605785bc8ce63261d77be1890b5b07e02c4f2869c27a142

Download Submit
memory/2288-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2288-14-0x0000000003580000-0x0000000003A6F000-memory.dmp

Filesize
4.9MB

Download
memory/2288-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2288-3-0x0000000000230000-0x0000000000363000-memory.dmp

Filesize
1.2MB

Download
memory/2288-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2288-31-0x0000000003580000-0x0000000003A6F000-memory.dmp

Filesize
4.9MB

Download
memory/2324-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2324-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2324-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2324-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2324-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2324-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download