fe3d6f14420ed94b925719316d0d7cde0e5498553a165a4129d88fbac9265bc1

Analysis

max time kernel
121s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 04:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e4b26e61e2c4192412860cd3c13ff7f.exe
Size

2.7MB
MD5

0e4b26e61e2c4192412860cd3c13ff7f
SHA1

f515fd228096f48fccadac092fdc7713923238ef
SHA256

fe3d6f14420ed94b925719316d0d7cde0e5498553a165a4129d88fbac9265bc1
SHA512

26efa99082e483a66279555cc32fc5adb3e132e01c35974b0231163b14da82b6ca1ba9638da9c6dfa33c0d0551442208d92e746ade96cfd9dfa8551ea4007f94
SSDEEP

49152:ORPco1kfFrplOJwoR9xKFXCP4dXL0Ru6gwhuHbdz4CPR9j:ZAO3MGoH4g4YoxzPPHj

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2748	0e4b26e61e2c4192412860cd3c13ff7f.exe

Executes dropped EXE 1 IoCs

pid	Process
2748	0e4b26e61e2c4192412860cd3c13ff7f.exe

Loads dropped DLL 1 IoCs

pid	Process
2412	0e4b26e61e2c4192412860cd3c13ff7f.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2412-1-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x0008000000012255-10.dat	upx
behavioral1/memory/2748-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x0008000000012255-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2412	0e4b26e61e2c4192412860cd3c13ff7f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2412	0e4b26e61e2c4192412860cd3c13ff7f.exe
2748	0e4b26e61e2c4192412860cd3c13ff7f.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 2748	2412	0e4b26e61e2c4192412860cd3c13ff7f.exe	28
PID 2412 wrote to memory of 2748	2412	0e4b26e61e2c4192412860cd3c13ff7f.exe	28
PID 2412 wrote to memory of 2748	2412	0e4b26e61e2c4192412860cd3c13ff7f.exe	28
PID 2412 wrote to memory of 2748	2412	0e4b26e61e2c4192412860cd3c13ff7f.exe	28

C:\Users\Admin\AppData\Local\Temp\0e4b26e61e2c4192412860cd3c13ff7f.exe
"C:\Users\Admin\AppData\Local\Temp\0e4b26e61e2c4192412860cd3c13ff7f.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Users\Admin\AppData\Local\Temp\0e4b26e61e2c4192412860cd3c13ff7f.exe
  C:\Users\Admin\AppData\Local\Temp\0e4b26e61e2c4192412860cd3c13ff7f.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0e4b26e61e2c4192412860cd3c13ff7f.exe

Filesize
517KB

MD5
0148b92ca04412f0924f544095d5ed04

SHA1
eb4e3769fcf8ff8235f6b114707db4e6937b31c9

SHA256
f820007452104d022802be90cd190ad6853f4b26316bd2deff2c4c528fae69d4

SHA512
d9d3f2e571471067113a9300e7e6bf2ba18478a0f1a4a01d1110689049cd6e104a960779f146e66c7877f8f74cbf4ae8e3b94c95a96a3c0a5c9eaa25a4c87fe8

Download Submit
\Users\Admin\AppData\Local\Temp\0e4b26e61e2c4192412860cd3c13ff7f.exe

Filesize
1.0MB

MD5
d134f247664a0fe3bbbb0240de380bbe

SHA1
0670067c3e657ae38e74579cd11140af3bf4ef95

SHA256
b12ab700c4460987b980ada4ae16bcb55305d1cb81a66ac68eec03a1a236f95d

SHA512
ad2c1bfe8266b164859c5d1e683855fa63b2395e2bfa4884308f7eca6f2a22b6a3c8478b01c9ca122017795745ceeea50ae52680857053fa4d00c456d4a86cd8

Download Submit
memory/2412-0-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2412-3-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2412-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2412-14-0x00000000038F0000-0x0000000003DD7000-memory.dmp

Filesize
4.9MB

Download
memory/2412-1-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2748-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2748-18-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2748-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2748-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2748-25-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2748-31-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download