a5824b3f5fed1b8b569e318162bc8c932fa67de50fa44b56b1d5162b88383558

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 05:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ffb31ebd0d52776535b2a1a152a4d83.exe
Size

1.5MB
MD5

0ffb31ebd0d52776535b2a1a152a4d83
SHA1

d4e833b0d1f03cdb4b950c4ba2758eb70c3dee61
SHA256

a5824b3f5fed1b8b569e318162bc8c932fa67de50fa44b56b1d5162b88383558
SHA512

801be9598e8335646f44f829f47808eefab84645645b93f466073f809a9c8b67410993dca806da25cd4ec99e8d5a1c95cbfa89c33d986bed2e990b7dfe1f6b09
SSDEEP

24576:xsdnrypp3f+aHPYuZ/1H5o+ukEAQ8AsPsRkXy33JitxOZcALwJ82sW:xs96lHPv11H5QAQ8As0RkXynJibWcALJ

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2676	0ffb31ebd0d52776535b2a1a152a4d83.exe

Executes dropped EXE 1 IoCs

pid	Process
2676	0ffb31ebd0d52776535b2a1a152a4d83.exe

Loads dropped DLL 1 IoCs

pid	Process
1268	0ffb31ebd0d52776535b2a1a152a4d83.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1268-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000800000001222d-10.dat	upx
behavioral1/files/0x000800000001222d-15.dat	upx
behavioral1/memory/2676-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/1268-13-0x0000000003510000-0x00000000039FF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1268	0ffb31ebd0d52776535b2a1a152a4d83.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1268	0ffb31ebd0d52776535b2a1a152a4d83.exe
2676	0ffb31ebd0d52776535b2a1a152a4d83.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1268 wrote to memory of 2676	1268	0ffb31ebd0d52776535b2a1a152a4d83.exe	28
PID 1268 wrote to memory of 2676	1268	0ffb31ebd0d52776535b2a1a152a4d83.exe	28
PID 1268 wrote to memory of 2676	1268	0ffb31ebd0d52776535b2a1a152a4d83.exe	28
PID 1268 wrote to memory of 2676	1268	0ffb31ebd0d52776535b2a1a152a4d83.exe	28

C:\Users\Admin\AppData\Local\Temp\0ffb31ebd0d52776535b2a1a152a4d83.exe
"C:\Users\Admin\AppData\Local\Temp\0ffb31ebd0d52776535b2a1a152a4d83.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1268
- C:\Users\Admin\AppData\Local\Temp\0ffb31ebd0d52776535b2a1a152a4d83.exe
  C:\Users\Admin\AppData\Local\Temp\0ffb31ebd0d52776535b2a1a152a4d83.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0ffb31ebd0d52776535b2a1a152a4d83.exe

Filesize
394KB

MD5
82c11f20023fb6e7e1bbab8d478f4a59

SHA1
28bc18e03f3ef56848ee9e5996914578c46759e7

SHA256
04072bf6e2eeb4f7fe60bc6efe482d69aa8116cec14d8d00bfbeadfae291b2a1

SHA512
7c9517f502289b225de9ececb69e99f759b404c7fad11ec32cc27928c0dbe8b1bbd50dd61a6d0fbe1404e447ee8027816d9cf5d90838998cec89adc016de9c3d

Download Submit
\Users\Admin\AppData\Local\Temp\0ffb31ebd0d52776535b2a1a152a4d83.exe

Filesize
413KB

MD5
3c0be26d1fee4067f9795e2e91f697f9

SHA1
ca47ac3f9c647860e42aa65f1af0c4fe8d57cd84

SHA256
db9438a523b6077ef6b75db0673daab5c6beeac19c4fefb7987e4aec81ad83ec

SHA512
add2911260262b8aa9b4f29c3d193cafcfc565d409fd2c57e0d583b6ca529fc174d21b36bc24fe5b39befa42f6df6ca878ecb235c5e04e568d36af15ee8ec3ab

Download Submit
memory/1268-13-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/1268-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1268-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1268-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1268-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2676-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2676-18-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2676-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2676-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2676-24-0x00000000033F0000-0x000000000361A000-memory.dmp

Filesize
2.2MB

Download
memory/2676-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download