2a35481e6304d89abc91a396547502fb107f39b46162815021cffec105c81022

Analysis

max time kernel
122s
max time network
168s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 04:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e25ca2be8de8d937162c044ecb1b6da.exe
Size

1.5MB
MD5

0e25ca2be8de8d937162c044ecb1b6da
SHA1

2cb1b3eaf9547a3a6dc80bfdfd52abbcfc39900b
SHA256

2a35481e6304d89abc91a396547502fb107f39b46162815021cffec105c81022
SHA512

a79cc2bee0f40b43ce872bc9c6d2704913e77bceec8fa88e447d11c766323a94e3aa52478fa683fd21f28b63c4f159e5eb1ea2417420d709acae7d2aa939490c
SSDEEP

24576:x5CyIbYHpJKE7Yql5xa6CFDiGrMHaFeCS4uvQ+vFW:xYbg7Yql7axZXrMHoS4uY+vF

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2436	0e25ca2be8de8d937162c044ecb1b6da.exe

Executes dropped EXE 1 IoCs

pid	Process
2436	0e25ca2be8de8d937162c044ecb1b6da.exe

Loads dropped DLL 1 IoCs

pid	Process
2836	0e25ca2be8de8d937162c044ecb1b6da.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2836-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x00080000000120f8-10.dat	upx
behavioral1/memory/2836-12-0x00000000036A0000-0x0000000003B8F000-memory.dmp	upx
behavioral1/files/0x00080000000120f8-14.dat	upx
behavioral1/memory/2436-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2836	0e25ca2be8de8d937162c044ecb1b6da.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2836	0e25ca2be8de8d937162c044ecb1b6da.exe
2436	0e25ca2be8de8d937162c044ecb1b6da.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2836 wrote to memory of 2436	2836	0e25ca2be8de8d937162c044ecb1b6da.exe	27
PID 2836 wrote to memory of 2436	2836	0e25ca2be8de8d937162c044ecb1b6da.exe	27
PID 2836 wrote to memory of 2436	2836	0e25ca2be8de8d937162c044ecb1b6da.exe	27
PID 2836 wrote to memory of 2436	2836	0e25ca2be8de8d937162c044ecb1b6da.exe	27

C:\Users\Admin\AppData\Local\Temp\0e25ca2be8de8d937162c044ecb1b6da.exe
"C:\Users\Admin\AppData\Local\Temp\0e25ca2be8de8d937162c044ecb1b6da.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2836
- C:\Users\Admin\AppData\Local\Temp\0e25ca2be8de8d937162c044ecb1b6da.exe
  C:\Users\Admin\AppData\Local\Temp\0e25ca2be8de8d937162c044ecb1b6da.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0e25ca2be8de8d937162c044ecb1b6da.exe

Filesize
239KB

MD5
add1db6a665b8e95432b5a1a8f576f40

SHA1
a829ba82207f9d4c0014f0abd60d5172cd493fed

SHA256
56aa99e31e02983bf6cebc2146544674d4f2f07f83803ff11faaf36d80f309ff

SHA512
33d8d17a8174a4dd494395da47bd62bb0992e240e3708217fca623f9060d1e049363619e17641639947f4cc12a62ea8058c02456ef077332f4dc4697d7f4f139

Download Submit
\Users\Admin\AppData\Local\Temp\0e25ca2be8de8d937162c044ecb1b6da.exe

Filesize
370KB

MD5
eb6336c17e21934ba0b428689409139c

SHA1
1ef9cd7ffe5052ec0d1604c8ba9f2181911433a8

SHA256
22e9152a7f3cb2e93b28c33adf2fd28fce34ef29fa0eea7c82896c0e1b5b4231

SHA512
bd5785af3ee7dd03a76f2b4601daacfb4db3bdf2fef17fc84a03191823db11fcfbbea08535eaa18aa2ad5e907ae41b70d27046528434b39a276a602a874ab96c

Download Submit
memory/2436-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2436-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2436-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2436-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2436-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2436-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2836-4-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2836-12-0x00000000036A0000-0x0000000003B8F000-memory.dmp

Filesize
4.9MB

Download
memory/2836-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2836-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2836-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download