f620023ce9f5c1e11025c082605b74d2002097b7066b74078c197bed3f2aa844

Analysis

max time kernel
119s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 04:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e059d8f4b289782462a62a2934dd40f.exe
Size

1.3MB
MD5

0e059d8f4b289782462a62a2934dd40f
SHA1

6acb92e1859af59c8ae51d591babed9959339009
SHA256

f620023ce9f5c1e11025c082605b74d2002097b7066b74078c197bed3f2aa844
SHA512

03311c5e56cddc4e75429a9560a4e433e06019b7056c3601bf2b56c9ac8029766b12fd0afbf6309940fc92bc4a2b0b68d867bfcdbd82f02a01ba954d9741396d
SSDEEP

24576:WTTp81+wq0ovizGhDw+Pi0GRMbEyNnZOFUi4kid6iYU9/9Us:WTTp81+wq0Dd0GRMbE02P4ldtHR9j

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2788	0e059d8f4b289782462a62a2934dd40f.exe

Executes dropped EXE 1 IoCs

pid	Process
2788	0e059d8f4b289782462a62a2934dd40f.exe

Loads dropped DLL 1 IoCs

pid	Process
2548	0e059d8f4b289782462a62a2934dd40f.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2548-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x0009000000012252-10.dat	upx
behavioral1/files/0x0009000000012252-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2548	0e059d8f4b289782462a62a2934dd40f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2548	0e059d8f4b289782462a62a2934dd40f.exe
2788	0e059d8f4b289782462a62a2934dd40f.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2788	2548	0e059d8f4b289782462a62a2934dd40f.exe	28
PID 2548 wrote to memory of 2788	2548	0e059d8f4b289782462a62a2934dd40f.exe	28
PID 2548 wrote to memory of 2788	2548	0e059d8f4b289782462a62a2934dd40f.exe	28
PID 2548 wrote to memory of 2788	2548	0e059d8f4b289782462a62a2934dd40f.exe	28

C:\Users\Admin\AppData\Local\Temp\0e059d8f4b289782462a62a2934dd40f.exe
"C:\Users\Admin\AppData\Local\Temp\0e059d8f4b289782462a62a2934dd40f.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Users\Admin\AppData\Local\Temp\0e059d8f4b289782462a62a2934dd40f.exe
  C:\Users\Admin\AppData\Local\Temp\0e059d8f4b289782462a62a2934dd40f.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0e059d8f4b289782462a62a2934dd40f.exe

Filesize
1.2MB

MD5
166fe1ec7d714fbb0bb36b2651491464

SHA1
18426544ab67006f9f2895f0dc92408bd153b0f9

SHA256
b80a131e2790e4dfaf94e48cbf0388dc90f79808f812b2f4707413c9ba0c6ca0

SHA512
d18eb7f2e7cfbd8fc1b7159a204d3f15e213637c5fb0cf1193b0f0996b2f3404c68fe265c1a563e0c9e542bc151aa58244082aaed9e12b329d456383bd30e823

Download Submit
\Users\Admin\AppData\Local\Temp\0e059d8f4b289782462a62a2934dd40f.exe

Filesize
1.1MB

MD5
8f00a8b26a26e7ef734d17ba56489177

SHA1
645a4eacae7de0ee7a2135fe922cc8f0c5a013b3

SHA256
e1381240f60512c9fde8f819ed1f76f3b194fcb033dbd7c740ac7ff7cb7e9143

SHA512
319ad5aa18532a6a001aac4c1aa1bdddf10efd0a7a8240cb8060e0f0ece07c259a0aa8ea31b6ccab1147942b85416aae8c00ac5da45365b46ad88ddd6410a265

Download Submit
memory/2548-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2548-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2548-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2548-15-0x00000000034C0000-0x00000000039A7000-memory.dmp

Filesize
4.9MB

Download
memory/2548-2-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2548-32-0x00000000034C0000-0x00000000039A7000-memory.dmp

Filesize
4.9MB

Download
memory/2788-18-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2788-20-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2788-17-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/2788-25-0x0000000003540000-0x0000000003762000-memory.dmp

Filesize
2.1MB

Download
memory/2788-24-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2788-33-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download