98be4baa411b9a1235f5d4f27b2ca8808ce50f4a119af02a5e4b4ec299de597e

Analysis

max time kernel
142s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 03:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c5e458220d4511d4354babff812ad99.exe
Size

1.3MB
MD5

0c5e458220d4511d4354babff812ad99
SHA1

241930fcfe0b76e1943c309bb14cf0a48c45bb91
SHA256

98be4baa411b9a1235f5d4f27b2ca8808ce50f4a119af02a5e4b4ec299de597e
SHA512

434b5eebb9a113a1a861c41af33f435641c33ebb2f65663567ec69e7323c75859061a9e897c37d87df6d692c55983888c8482f64ce92e541b3fc8ba9003da996
SSDEEP

24576:T2+KJlxfiBYhT7UsDjHn13qq7B3AKtG+5CJJT2khW3nDw21C1SawpWCxF+LlWc:i+euBUIW3HlQKILPqQW3PCwBb+Llp

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2660	0c5e458220d4511d4354babff812ad99.exe

Executes dropped EXE 1 IoCs

pid	Process
2660	0c5e458220d4511d4354babff812ad99.exe

Loads dropped DLL 1 IoCs

pid	Process
3028	0c5e458220d4511d4354babff812ad99.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3028-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0008000000012284-10.dat	upx
behavioral1/files/0x0008000000012284-15.dat	upx
behavioral1/memory/2660-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/3028-13-0x00000000035F0000-0x0000000003ADF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3028	0c5e458220d4511d4354babff812ad99.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3028	0c5e458220d4511d4354babff812ad99.exe
2660	0c5e458220d4511d4354babff812ad99.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2660	3028	0c5e458220d4511d4354babff812ad99.exe	28
PID 3028 wrote to memory of 2660	3028	0c5e458220d4511d4354babff812ad99.exe	28
PID 3028 wrote to memory of 2660	3028	0c5e458220d4511d4354babff812ad99.exe	28
PID 3028 wrote to memory of 2660	3028	0c5e458220d4511d4354babff812ad99.exe	28

C:\Users\Admin\AppData\Local\Temp\0c5e458220d4511d4354babff812ad99.exe
"C:\Users\Admin\AppData\Local\Temp\0c5e458220d4511d4354babff812ad99.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Users\Admin\AppData\Local\Temp\0c5e458220d4511d4354babff812ad99.exe
  C:\Users\Admin\AppData\Local\Temp\0c5e458220d4511d4354babff812ad99.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0c5e458220d4511d4354babff812ad99.exe

Filesize
880KB

MD5
0db1f5d11e34fae175e489ee0f2394ba

SHA1
79e832e55ca8fd64d4d8e980b2959b3ed225bf82

SHA256
2d1a125262fb556af2395fa4b8c5fab44a648cafb74bfdf69e603a32988c1c96

SHA512
0838031ec95512aad6d60f261418f514009d800532bddeeb783193cc62b29c7dbca039e04c73b05a7ffc28f22b62252e511d489bb73a65a2a8d6d33bd3e753b6

Download Submit
\Users\Admin\AppData\Local\Temp\0c5e458220d4511d4354babff812ad99.exe

Filesize
75KB

MD5
3831c46bc3f628574717e3747e756649

SHA1
7a1fc9bc2009e81267a357354b88c0780988a16b

SHA256
649673b201c59c87707dcb1f022aca02528aa6c1825bac9c6785b6e52f92e7fc

SHA512
ecf53b54dbb94e978cc1a4330937c49ecc555f7aa30c44ac83a503d37fde6bf598649bbe8d2085dc9d9afb4f9377e517d9246acbe4b432c42850d3e45dcc47f7

Download Submit
memory/2660-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2660-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2660-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2660-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2660-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2660-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3028-2-0x00000000002A0000-0x00000000003D3000-memory.dmp

Filesize
1.2MB

Download
memory/3028-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3028-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3028-13-0x00000000035F0000-0x0000000003ADF000-memory.dmp

Filesize
4.9MB

Download
memory/3028-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download