0a00c03e251b79f0ed35f8fce2be7f4531c901058f2304e2e4e66bbcfaf1dfbe

Analysis

max time kernel
120s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 05:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0fa43c2811486255c977a77411b02aa7.exe
Size

2.7MB
MD5

0fa43c2811486255c977a77411b02aa7
SHA1

f94f51f576361d8ba6694c7e519d2b3bc49038e1
SHA256

0a00c03e251b79f0ed35f8fce2be7f4531c901058f2304e2e4e66bbcfaf1dfbe
SHA512

e84825341ef8a73fba5c9615675a82f3169bc5986f701fa42f553e9cb06ce2914d5243ea56dfa91bf36cfa6a16009c07108027182d47ae6e0bd6972ca9224222
SSDEEP

49152:ukV8msJ1E4Qnlg0dCGCjR2LGSFJZR9ktBc1+Q4YdxSChG38bDUggR9t:R8mYE4Qnlg0dCTxkHktBcwQDM2YIDULN

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1972	0fa43c2811486255c977a77411b02aa7.exe

Executes dropped EXE 1 IoCs

pid	Process
1972	0fa43c2811486255c977a77411b02aa7.exe

Loads dropped DLL 1 IoCs

pid	Process
1888	0fa43c2811486255c977a77411b02aa7.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1888-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000900000001222c-10.dat	upx
behavioral1/files/0x000900000001222c-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1888	0fa43c2811486255c977a77411b02aa7.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1888	0fa43c2811486255c977a77411b02aa7.exe
1972	0fa43c2811486255c977a77411b02aa7.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 1972	1888	0fa43c2811486255c977a77411b02aa7.exe	28
PID 1888 wrote to memory of 1972	1888	0fa43c2811486255c977a77411b02aa7.exe	28
PID 1888 wrote to memory of 1972	1888	0fa43c2811486255c977a77411b02aa7.exe	28
PID 1888 wrote to memory of 1972	1888	0fa43c2811486255c977a77411b02aa7.exe	28

C:\Users\Admin\AppData\Local\Temp\0fa43c2811486255c977a77411b02aa7.exe
"C:\Users\Admin\AppData\Local\Temp\0fa43c2811486255c977a77411b02aa7.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Users\Admin\AppData\Local\Temp\0fa43c2811486255c977a77411b02aa7.exe
  C:\Users\Admin\AppData\Local\Temp\0fa43c2811486255c977a77411b02aa7.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0fa43c2811486255c977a77411b02aa7.exe

Filesize
626KB

MD5
04a544130b15a35970fe053eded1356f

SHA1
fd139e62a503549d5ab74d97b3f702d5ae668dad

SHA256
fd204e3931c71e500890497485c4a08d31df702ffaee138c9694fb5f3bf0a703

SHA512
84a9b0378fa5cd5cdaa33365423b1a8d599ec19bb2ed00a990e983c3e6072ceacf4f57072f7848cc2d2b24c016edfb9ad736c1969f26e31ca7f9ac1e8f18f467

Download Submit
\Users\Admin\AppData\Local\Temp\0fa43c2811486255c977a77411b02aa7.exe

Filesize
576KB

MD5
10581e5dfaba909cec66737c66b639f8

SHA1
59b1840ba3572d1f8fb461d5f930ab84fbe35ca1

SHA256
88d319df53fe50201517edd493161bafe12605168f14cbea624abf366812badf

SHA512
fd5a8f78f9d95f11e79a8ee6a95f44f4c33ac28836b2b0f0714b618465e02552ead49dfa3be036625ab60a6f2911095a238ffea3d9e87adff3b4e9ea8a0d801f

Download Submit
memory/1888-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1888-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1888-2-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/1888-16-0x0000000003760000-0x0000000003C47000-memory.dmp

Filesize
4.9MB

Download
memory/1888-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1972-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1972-19-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1972-21-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/1972-24-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/1972-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1972-31-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download