003a8f55631f3e12a5e793827142880a8b1dc64857574176e489b0496eeb53ea

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 06:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1103658c4b3bb9dff6c5cfd336888b49.exe
Size

2.5MB
MD5

1103658c4b3bb9dff6c5cfd336888b49
SHA1

8a175095f719aad7f86b2717f395835a6d816580
SHA256

003a8f55631f3e12a5e793827142880a8b1dc64857574176e489b0496eeb53ea
SHA512

4916ad771822cb93b1f4c3ddb9bda5cbb30e6c68e4435a7c0a7c45b81d518b702acb8d0ae8d394b9426a078d1d62d5a748620c55bc3fc1159e27948bc162531c
SSDEEP

49152:G7q0KBwbMxKxPSxf55+PEYMHQau+N74NH5HUyNRcUsCVOzet0:GWjmbMxKaf8EYMwau+4HBUCczz9

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2860	1103658c4b3bb9dff6c5cfd336888b49.exe

Executes dropped EXE 1 IoCs

pid	Process
2860	1103658c4b3bb9dff6c5cfd336888b49.exe

Loads dropped DLL 1 IoCs

pid	Process
2224	1103658c4b3bb9dff6c5cfd336888b49.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2224-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a00000001650c-15.dat	upx
behavioral1/memory/2224-14-0x0000000003730000-0x0000000003C1F000-memory.dmp	upx
behavioral1/files/0x000a00000001650c-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2224	1103658c4b3bb9dff6c5cfd336888b49.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2224	1103658c4b3bb9dff6c5cfd336888b49.exe
2860	1103658c4b3bb9dff6c5cfd336888b49.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2860	2224	1103658c4b3bb9dff6c5cfd336888b49.exe	17
PID 2224 wrote to memory of 2860	2224	1103658c4b3bb9dff6c5cfd336888b49.exe	17
PID 2224 wrote to memory of 2860	2224	1103658c4b3bb9dff6c5cfd336888b49.exe	17
PID 2224 wrote to memory of 2860	2224	1103658c4b3bb9dff6c5cfd336888b49.exe	17

C:\Users\Admin\AppData\Local\Temp\1103658c4b3bb9dff6c5cfd336888b49.exe
"C:\Users\Admin\AppData\Local\Temp\1103658c4b3bb9dff6c5cfd336888b49.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Users\Admin\AppData\Local\Temp\1103658c4b3bb9dff6c5cfd336888b49.exe
  C:\Users\Admin\AppData\Local\Temp\1103658c4b3bb9dff6c5cfd336888b49.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\1103658c4b3bb9dff6c5cfd336888b49.exe

Filesize
96KB

MD5
841e54058e93ec36d8c0805e71abec83

SHA1
b5ac151decc6593385748f7e95be688364bf09ef

SHA256
24565ac4e9462e1a5933abc3e4e7c774a26b2a64e75e4c00ae2abcb6cd6dcb27

SHA512
763e106944830c5116cee8bc0e2407404c0ceb17bc2fa88d5bca4888f4bc0007fcea49c85f08dc9900c38d8fd029f4f3d1ee0670483ad8e8b621170a68cb6933

Download Submit
memory/2224-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2224-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2224-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2224-31-0x0000000003730000-0x0000000003C1F000-memory.dmp

Filesize
4.9MB

Download
memory/2224-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2224-14-0x0000000003730000-0x0000000003C1F000-memory.dmp

Filesize
4.9MB

Download
memory/2860-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2860-20-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2860-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2860-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2860-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2860-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download