f48a8790d2b5fa4594c9fbdea9fd6c0b1618823e5c79776c9f691a4c674c7252

Analysis

max time kernel
119s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 05:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f82300ff1f3ec79b46b42b500961c41.exe
Size

5.3MB
MD5

0f82300ff1f3ec79b46b42b500961c41
SHA1

22200e0a902f10c984c4616b2bf9dc07dce46977
SHA256

f48a8790d2b5fa4594c9fbdea9fd6c0b1618823e5c79776c9f691a4c674c7252
SHA512

7e33995105f068a3cb832b4bbeaf980e93b942ad70ead17998ac9353174156893457a0918a1e24f80d38ae5a978c530ad06186df6843ee533e75ddce46366be9
SSDEEP

98304:cZWLDYH4yspPyrZvx99SPv64i956mSLMW7QRYZwuSPv64i956mSLMW:PLUApPytvx99SPv64i95HAMQQRYXSPvU

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2164	0f82300ff1f3ec79b46b42b500961c41.exe

Executes dropped EXE 1 IoCs

pid	Process
2164	0f82300ff1f3ec79b46b42b500961c41.exe

Loads dropped DLL 1 IoCs

pid	Process
2512	0f82300ff1f3ec79b46b42b500961c41.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2512-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000a000000012247-13.dat	upx
behavioral1/memory/2164-18-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/memory/2512-15-0x0000000003AD0000-0x0000000003F3A000-memory.dmp	upx
behavioral1/files/0x000a000000012247-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2512	0f82300ff1f3ec79b46b42b500961c41.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2512	0f82300ff1f3ec79b46b42b500961c41.exe
2164	0f82300ff1f3ec79b46b42b500961c41.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2164	2512	0f82300ff1f3ec79b46b42b500961c41.exe	28
PID 2512 wrote to memory of 2164	2512	0f82300ff1f3ec79b46b42b500961c41.exe	28
PID 2512 wrote to memory of 2164	2512	0f82300ff1f3ec79b46b42b500961c41.exe	28
PID 2512 wrote to memory of 2164	2512	0f82300ff1f3ec79b46b42b500961c41.exe	28

C:\Users\Admin\AppData\Local\Temp\0f82300ff1f3ec79b46b42b500961c41.exe
"C:\Users\Admin\AppData\Local\Temp\0f82300ff1f3ec79b46b42b500961c41.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Users\Admin\AppData\Local\Temp\0f82300ff1f3ec79b46b42b500961c41.exe
  C:\Users\Admin\AppData\Local\Temp\0f82300ff1f3ec79b46b42b500961c41.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0f82300ff1f3ec79b46b42b500961c41.exe

Filesize
138KB

MD5
b34280fe6a5f7022455357da6859d46d

SHA1
b991af793ae1f74683bac508f830aa266023014a

SHA256
a586f03b66cba30e450d5aa0a3666a2ae5333a3b9e3af2022c75b342059dc182

SHA512
63ca48276957637cdc29b5c43380e551bf3e7740e1471525eba440d9937eb4bd2e77410df9b114756860f02449afd9478680b5e719c3041e013482d2952a6bd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\0f82300ff1f3ec79b46b42b500961c41.exe

Filesize
417KB

MD5
5d96069ccbaebb82293feb1782433786

SHA1
5d7b964ec7185917ddb900173ecd0f873405392b

SHA256
eb1f8a6af547f8c648e2933468d1b0620f89d6248b18268cb7a2142085077862

SHA512
2702f4749f7c0db2226a9b2d57b1bd9dadc659cac4078dd7ea77ca3c21a38c1a142455ae8376a60e37e8c6a7d4e92b77238b60d63178784eef3efb7825b5072e

Download Submit
memory/2164-18-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2164-20-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2164-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2164-26-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2512-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2512-1-0x00000000002B0000-0x00000000003C2000-memory.dmp

Filesize
1.1MB

Download
memory/2512-2-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2512-16-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2512-15-0x0000000003AD0000-0x0000000003F3A000-memory.dmp

Filesize
4.4MB

Download