0caa6bf8c2091e6ec444366d13f7bb4b2fe7ef8ead418752951235c567f52cfe

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 04:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0e024796dc5a4ae55ff539b480718bed.exe
Size

5.3MB
MD5

0e024796dc5a4ae55ff539b480718bed
SHA1

16dd79f5a578dc9fb90406d7481c9a4cfc2bd458
SHA256

0caa6bf8c2091e6ec444366d13f7bb4b2fe7ef8ead418752951235c567f52cfe
SHA512

0338d2b901bd2786f562c7ca85b18751f0ddc212aff757d45547cad35481fd6cd7324f1aefaade2dd749ba5fda99cc3f99686e1aa8d04e29c05f6bb792969962
SSDEEP

98304:HlHkEHaUXH9mELsXZE0H54CTRKLHrEyH9mELsXZE0Hj:HqEHzXY64VbeLEyY64VD

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2328	0e024796dc5a4ae55ff539b480718bed.exe

Executes dropped EXE 1 IoCs

pid	Process
2328	0e024796dc5a4ae55ff539b480718bed.exe

Loads dropped DLL 1 IoCs

pid	Process
2468	0e024796dc5a4ae55ff539b480718bed.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2468-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000b00000001223f-13.dat	upx
behavioral1/files/0x000b00000001223f-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2468	0e024796dc5a4ae55ff539b480718bed.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2468	0e024796dc5a4ae55ff539b480718bed.exe
2328	0e024796dc5a4ae55ff539b480718bed.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 2328	2468	0e024796dc5a4ae55ff539b480718bed.exe	28
PID 2468 wrote to memory of 2328	2468	0e024796dc5a4ae55ff539b480718bed.exe	28
PID 2468 wrote to memory of 2328	2468	0e024796dc5a4ae55ff539b480718bed.exe	28
PID 2468 wrote to memory of 2328	2468	0e024796dc5a4ae55ff539b480718bed.exe	28

C:\Users\Admin\AppData\Local\Temp\0e024796dc5a4ae55ff539b480718bed.exe
"C:\Users\Admin\AppData\Local\Temp\0e024796dc5a4ae55ff539b480718bed.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Users\Admin\AppData\Local\Temp\0e024796dc5a4ae55ff539b480718bed.exe
  C:\Users\Admin\AppData\Local\Temp\0e024796dc5a4ae55ff539b480718bed.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0e024796dc5a4ae55ff539b480718bed.exe

Filesize
889KB

MD5
88cf4b498570c27cc85605b2137cd417

SHA1
11f8f5797c61fea71391e61123ed2a3a7fd389bf

SHA256
e01f5abca4496dcb5c64655cf1a38c9f2117968dc0c385702043d5cf108fdb4d

SHA512
95bd319d183095cf4be513ee5a8dd9c0f07b51002b7907032ac531ea8f2a1871863ea3727e9de667767b13225b0b4f0ea618870fb5ecfc68ac1213ddcc8b3a29

Download Submit
\Users\Admin\AppData\Local\Temp\0e024796dc5a4ae55ff539b480718bed.exe

Filesize
1.4MB

MD5
487e538adebfeb99a7ba0df2726c0930

SHA1
2ec42bf7fc8445fc47711cb49524140a02b36127

SHA256
0c0f01947071c3436f5240ed4dd52361016b7d79483e295f6dbc914ad1649ec3

SHA512
84807cd2fcf4364506588e9503f26a324dc48ce3bd8072e1237efd1a5475a0ad393ee7711ecaf6169b036e1ada764b664541a735d3684965d1eecb4feb6c703f

Download Submit
memory/2328-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2328-19-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2328-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2328-25-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2328-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2328-31-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2468-15-0x0000000003DC0000-0x00000000042A7000-memory.dmp

Filesize
4.9MB

Download
memory/2468-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2468-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2468-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2468-2-0x00000000002A0000-0x00000000003D1000-memory.dmp

Filesize
1.2MB

Download