305c1ddac5a14279601cba10bcff309a0c843b49fb2d6f66d0bea1c337e1fa25

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 03:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d41a4afd37fb1e186a56e4759f22a70.exe
Size

2.9MB
MD5

0d41a4afd37fb1e186a56e4759f22a70
SHA1

7b67a7a2172fcbb0ffa2c132eb42c52059f762a0
SHA256

305c1ddac5a14279601cba10bcff309a0c843b49fb2d6f66d0bea1c337e1fa25
SHA512

100633834d50e5a80db4351611b79eb459f6b45e59be03d5609600af5e043551ee4edaac55729918ae52f603a8cca1d782b8a40026f92b4216bbdf9930e4f712
SSDEEP

49152:lTDXzU2oOBVH46EgLCSeA2syFmSBuQa0nbxPIVUVNYYYCx3GKvgJLfFVEAR3+tE:dz7PfH46hjqJXBB/xPIVUkYbvgJhVd6l

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1968	0d41a4afd37fb1e186a56e4759f22a70.exe

Executes dropped EXE 1 IoCs

pid	Process
1968	0d41a4afd37fb1e186a56e4759f22a70.exe

Loads dropped DLL 1 IoCs

pid	Process
2940	0d41a4afd37fb1e186a56e4759f22a70.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2940-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b0000000122de-13.dat	upx
behavioral1/files/0x000b0000000122de-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2940	0d41a4afd37fb1e186a56e4759f22a70.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2940	0d41a4afd37fb1e186a56e4759f22a70.exe
1968	0d41a4afd37fb1e186a56e4759f22a70.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 1968	2940	0d41a4afd37fb1e186a56e4759f22a70.exe	28
PID 2940 wrote to memory of 1968	2940	0d41a4afd37fb1e186a56e4759f22a70.exe	28
PID 2940 wrote to memory of 1968	2940	0d41a4afd37fb1e186a56e4759f22a70.exe	28
PID 2940 wrote to memory of 1968	2940	0d41a4afd37fb1e186a56e4759f22a70.exe	28

C:\Users\Admin\AppData\Local\Temp\0d41a4afd37fb1e186a56e4759f22a70.exe
"C:\Users\Admin\AppData\Local\Temp\0d41a4afd37fb1e186a56e4759f22a70.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Users\Admin\AppData\Local\Temp\0d41a4afd37fb1e186a56e4759f22a70.exe
  C:\Users\Admin\AppData\Local\Temp\0d41a4afd37fb1e186a56e4759f22a70.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0d41a4afd37fb1e186a56e4759f22a70.exe

Filesize
92KB

MD5
42e22c1ed169e3f8d27c5e06178f03ad

SHA1
e713bc01fe4dd930e3357f75c42e6ac636c8b5c2

SHA256
bb822de833c2f4609952d0c4dbf8126dad76f7a371e3c30bbc71e99406936701

SHA512
9ed0985aa8be02e3f190b6e16c70d172a48649c06a51e1500b7080b629c57f312d770be29ded1b32d458b2b500109865fc0929f29bc97722864adc0a52ff8a24

Download Submit
\Users\Admin\AppData\Local\Temp\0d41a4afd37fb1e186a56e4759f22a70.exe

Filesize
322KB

MD5
c231d53c9b237dc4fda3ebc286d34d33

SHA1
a517122f41f04f8d87e50ba8907d6443997a5597

SHA256
870a0a266d1bb638075f6154a01fcc44659fe4851c9a962adfb7d7c615b25f00

SHA512
83784872fb1dcb1e3c5b937c89fca67d464f0c52c4b221e0370f12938d03b6f614d94b95f1ac32322a522ee3551bdbdb312b373368207cfdc1e6e8bf6105e178

Download Submit
memory/1968-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1968-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1968-24-0x00000000034C0000-0x00000000036EA000-memory.dmp

Filesize
2.2MB

Download
memory/1968-19-0x0000000000230000-0x0000000000363000-memory.dmp

Filesize
1.2MB

Download
memory/1968-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2940-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2940-16-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2940-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2940-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2940-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2940-30-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download