087705adb9e8d2c83cf244a89117edbf8ba2f48a643b533f9db28ed91bda0bc5

Analysis

max time kernel
122s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 05:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0f7657babab1d599b8d97103ae6f196c.exe
Size

1.3MB
MD5

0f7657babab1d599b8d97103ae6f196c
SHA1

a6b12a73f6daddbe32893975cd72bb7a35c94597
SHA256

087705adb9e8d2c83cf244a89117edbf8ba2f48a643b533f9db28ed91bda0bc5
SHA512

19443559f015845ca76de193a0cbd665274c225673cfb3bf841b89be9e03708307de8829dbbfc0e8b01f26bee054f6d8cec315faf3ec601efb96ba24b6822554
SSDEEP

24576:OpSduv/4VKhWRRdc6q+N4m7jhIx2vTrf8yq4arGiP3vG:Opigh8/csmCUB4aqs

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2308	0f7657babab1d599b8d97103ae6f196c.exe

Executes dropped EXE 1 IoCs

pid	Process
2308	0f7657babab1d599b8d97103ae6f196c.exe

Loads dropped DLL 1 IoCs

pid	Process
1516	0f7657babab1d599b8d97103ae6f196c.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1516-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000c000000012263-11.dat	upx
behavioral1/files/0x000c000000012263-14.dat	upx
behavioral1/memory/2308-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1516	0f7657babab1d599b8d97103ae6f196c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1516	0f7657babab1d599b8d97103ae6f196c.exe
2308	0f7657babab1d599b8d97103ae6f196c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 2308	1516	0f7657babab1d599b8d97103ae6f196c.exe	28
PID 1516 wrote to memory of 2308	1516	0f7657babab1d599b8d97103ae6f196c.exe	28
PID 1516 wrote to memory of 2308	1516	0f7657babab1d599b8d97103ae6f196c.exe	28
PID 1516 wrote to memory of 2308	1516	0f7657babab1d599b8d97103ae6f196c.exe	28

C:\Users\Admin\AppData\Local\Temp\0f7657babab1d599b8d97103ae6f196c.exe
"C:\Users\Admin\AppData\Local\Temp\0f7657babab1d599b8d97103ae6f196c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Users\Admin\AppData\Local\Temp\0f7657babab1d599b8d97103ae6f196c.exe
  C:\Users\Admin\AppData\Local\Temp\0f7657babab1d599b8d97103ae6f196c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0f7657babab1d599b8d97103ae6f196c.exe

Filesize
903KB

MD5
befb2ced1900d26965206b70e4d4b7c5

SHA1
312bd575563490501b7c6c4608c71fcae9b13622

SHA256
5efda1477af3221bef6f4363eab264234756b7cde791702e398b931d283e6e55

SHA512
d147000421f0187d9bd9c5cdd63118798d54fc7cbd532e4b91bd7570519df7d03f5a77ffcb4555d164725020b14491b5a5bf3a238f2eb00e95f2e89a35ba74db

Download Submit
\Users\Admin\AppData\Local\Temp\0f7657babab1d599b8d97103ae6f196c.exe

Filesize
1.0MB

MD5
98c9b2fe20fad34fc4353fb9843f1e97

SHA1
69181a8a93e56b0bde9038900d74efea9b9a3d06

SHA256
ba4372bac649001c17296151f2e612f885dfdf0d582d550f4b80e69b56ceb39f

SHA512
6fc0098507c8a9408f3f1b8210811f268b466b167c7c7717c90fc601a405192302daccbf622c938f6c21e551eb9b2c87dabe87a85cc480e3d93c85a95221df2a

Download Submit
memory/1516-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1516-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1516-3-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/1516-16-0x00000000033F0000-0x000000000385A000-memory.dmp

Filesize
4.4MB

Download
memory/1516-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1516-26-0x00000000033F0000-0x000000000385A000-memory.dmp

Filesize
4.4MB

Download
memory/2308-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2308-18-0x0000000000130000-0x0000000000242000-memory.dmp

Filesize
1.1MB

Download
memory/2308-19-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2308-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download