33504da9488d7d1951a20cdf7b8a596fdf7c94ce30b673effb8d31657dc641cf

Analysis

max time kernel
122s
max time network
161s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 03:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ca7f8fd50329fff0069a342870732c6.exe
Size

1.3MB
MD5

0ca7f8fd50329fff0069a342870732c6
SHA1

ea080e53d15c6f7e3792de6e403e2398cac665ce
SHA256

33504da9488d7d1951a20cdf7b8a596fdf7c94ce30b673effb8d31657dc641cf
SHA512

a3486e44d7b8839e9aed8a7059c6c7efe872fe06203b9f218a6cea005f5fef56927bf510ce362b6a5d32714902bcad325caedf60dbddbb6133cfae8289cfc1d8
SSDEEP

24576:lOWyOdb6LTGa+JF1aVNKKam7ChonQ38Kv/X//0IvZauVOkPnAnwU9/9Us:lODPGJF1autT/XHDvZ5VOGn4/R9j

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1948	0ca7f8fd50329fff0069a342870732c6.exe

Executes dropped EXE 1 IoCs

pid	Process
1948	0ca7f8fd50329fff0069a342870732c6.exe

Loads dropped DLL 1 IoCs

pid	Process
2792	0ca7f8fd50329fff0069a342870732c6.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2792-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000b000000012252-10.dat	upx
behavioral1/files/0x000b000000012252-15.dat	upx
behavioral1/memory/1948-17-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000b000000012252-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2792	0ca7f8fd50329fff0069a342870732c6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2792	0ca7f8fd50329fff0069a342870732c6.exe
1948	0ca7f8fd50329fff0069a342870732c6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 1948	2792	0ca7f8fd50329fff0069a342870732c6.exe	27
PID 2792 wrote to memory of 1948	2792	0ca7f8fd50329fff0069a342870732c6.exe	27
PID 2792 wrote to memory of 1948	2792	0ca7f8fd50329fff0069a342870732c6.exe	27
PID 2792 wrote to memory of 1948	2792	0ca7f8fd50329fff0069a342870732c6.exe	27

C:\Users\Admin\AppData\Local\Temp\0ca7f8fd50329fff0069a342870732c6.exe
"C:\Users\Admin\AppData\Local\Temp\0ca7f8fd50329fff0069a342870732c6.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Users\Admin\AppData\Local\Temp\0ca7f8fd50329fff0069a342870732c6.exe
  C:\Users\Admin\AppData\Local\Temp\0ca7f8fd50329fff0069a342870732c6.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0ca7f8fd50329fff0069a342870732c6.exe

Filesize
132KB

MD5
64ae5cfcc118b9d49edc835ad0b05d8e

SHA1
2ac8f24ffcc27d9a1167c0eb474116cefa68660e

SHA256
0e3625023623c15491f119a17a97d256ba04fa1bc6e2abdf0d0a28e56aba71c4

SHA512
39603a425618a3595263b697644ce42aeb7d4a5ec2ada1084e0c492924f51dcd62caa7cc0fb136375704a8011024aef41eb9693ece20e3b180215c8dcdb4f65c

Download Submit
C:\Users\Admin\AppData\Local\Temp\0ca7f8fd50329fff0069a342870732c6.exe

Filesize
54KB

MD5
5fbaf7db79d8079fe030e4f61df5e852

SHA1
1c2ae09450ed895f07b9e6d08304b05d2bd37ce9

SHA256
d1253275864dda91bf6a25ced6b343b77677d084aa709d5ae06a396f47c3c0f0

SHA512
06c127325028fc335767953d10fd1c7153f92ecc8afccdebff9bcb24e783c38b908d370f64f68274ff355b0d0bae4abc7d15c6e41e87dce875649b46690c2561

Download Submit
\Users\Admin\AppData\Local\Temp\0ca7f8fd50329fff0069a342870732c6.exe

Filesize
335KB

MD5
83577602d61ad498405dbee92138a36b

SHA1
dd5897689b360e908ecdc00786245ecd1d9155be

SHA256
b1a79739a8fd3d07211bbb1612da09c5d3934951133ef506f94e21ab614cacf7

SHA512
4b5779cf2c3a2c3d21099a2e9ed2ad28e003f004d3fc4f371841e7b6a59d128c4c58d2f54cee62941719cce76a04ce4d1495f3dd7a3d2cec284dc7c5d4e373b3

Download Submit
memory/1948-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1948-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1948-20-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/1948-24-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/1948-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1948-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2792-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2792-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2792-14-0x0000000003590000-0x0000000003A77000-memory.dmp

Filesize
4.9MB

Download
memory/2792-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2792-2-0x0000000000250000-0x0000000000381000-memory.dmp

Filesize
1.2MB

Download
memory/2792-31-0x0000000003590000-0x0000000003A77000-memory.dmp

Filesize
4.9MB

Download