402f2814f7a2a3f20534ad41005e9c4327a6dc247e549351cfe947fad4de7cfb

Analysis

max time kernel
121s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 04:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e1006ddbef07df2d6e8fb9105585953.exe
Size

1.5MB
MD5

0e1006ddbef07df2d6e8fb9105585953
SHA1

360ba79267072eb07555786b42e985d651133846
SHA256

402f2814f7a2a3f20534ad41005e9c4327a6dc247e549351cfe947fad4de7cfb
SHA512

9882d69551879ec12435e2838e743de65b1f619b66951e8afa42cd94421c68cae35bf54e49729d9b8186b673a0402fe212f1a75e3e4e90cb32a7d6df14fb23bc
SSDEEP

24576:NUUE3a1DDzirxfDSvF6PAc9WH/IERO7xSsDxl4twsXMmSMpW:NURK5DkQF2VWfIERWxSsD4tTXMm/

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2356	0e1006ddbef07df2d6e8fb9105585953.exe

Executes dropped EXE 1 IoCs

pid	Process
2356	0e1006ddbef07df2d6e8fb9105585953.exe

Loads dropped DLL 1 IoCs

pid	Process
2444	0e1006ddbef07df2d6e8fb9105585953.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2444-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012247-10.dat	upx
behavioral1/memory/2444-13-0x0000000003510000-0x00000000039FF000-memory.dmp	upx
behavioral1/files/0x0009000000012247-15.dat	upx
behavioral1/memory/2356-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2444	0e1006ddbef07df2d6e8fb9105585953.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2444	0e1006ddbef07df2d6e8fb9105585953.exe
2356	0e1006ddbef07df2d6e8fb9105585953.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2356	2444	0e1006ddbef07df2d6e8fb9105585953.exe	28
PID 2444 wrote to memory of 2356	2444	0e1006ddbef07df2d6e8fb9105585953.exe	28
PID 2444 wrote to memory of 2356	2444	0e1006ddbef07df2d6e8fb9105585953.exe	28
PID 2444 wrote to memory of 2356	2444	0e1006ddbef07df2d6e8fb9105585953.exe	28

C:\Users\Admin\AppData\Local\Temp\0e1006ddbef07df2d6e8fb9105585953.exe
"C:\Users\Admin\AppData\Local\Temp\0e1006ddbef07df2d6e8fb9105585953.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Users\Admin\AppData\Local\Temp\0e1006ddbef07df2d6e8fb9105585953.exe
  C:\Users\Admin\AppData\Local\Temp\0e1006ddbef07df2d6e8fb9105585953.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0e1006ddbef07df2d6e8fb9105585953.exe

Filesize
156KB

MD5
7223f873b8affe9541fe90a3e934bf88

SHA1
b8a1ec22c98b65bb693f747cded914a40bf69f8c

SHA256
d913ffaec1f044ac05e49ab3805303a348180ef8ae4b86bc3075b236c250b6b3

SHA512
c4a53b6d953788cfbc00838d15815d350a164274da65666f68fca598e8480fe724e43236940aeb0a044f4daf3f483d26ec2da558a76fc5644c38aaaa1318fdc5

Download Submit
\Users\Admin\AppData\Local\Temp\0e1006ddbef07df2d6e8fb9105585953.exe

Filesize
250KB

MD5
b3a10bc556025058cb49359b8ef409af

SHA1
3ff7f8191ccce9579db7591aa07b84ab90846093

SHA256
86241e34c5291ae40326f98eed3b9b6d2ef11f3aefa06cf018e69a67dff95df4

SHA512
297f9d85975fcd048985916eb61835bd7fab0f8379fabdc3a25fff271787893bba82d3bc848c2913dd7c4616c2ce2b03b94d517c72f4fba6c6110bb6f69df47e

Download Submit
memory/2356-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2356-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2356-19-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2356-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2356-25-0x00000000033F0000-0x000000000361A000-memory.dmp

Filesize
2.2MB

Download
memory/2356-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2444-3-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2444-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2444-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2444-13-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/2444-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2444-31-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download