355958fe70b828a8868652b7503a4fded500c9a8834a339385cc31aa7bdd1c8e

Analysis

max time kernel
120s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 07:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11a9d9e9ea1084d3f4931e1755db518a.exe
Size

2.4MB
MD5

11a9d9e9ea1084d3f4931e1755db518a
SHA1

1bd24e372c102ca03ae349bdaba3907990f3e191
SHA256

355958fe70b828a8868652b7503a4fded500c9a8834a339385cc31aa7bdd1c8e
SHA512

3a37aef227f116fa9e281be095314fb4bef69d1d1c71b7ad1b634309566fd4f77464f8361292b38d6f65bcb973aad9c604282b42e81d0868288af2d0fa8a0872
SSDEEP

49152:MkHySIP1FRan+0nx52CELRgP4M338dB2IBlGuuDVUsdxxjr:TSP1KBnbeggg3gnl/IVUs1jr

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2988	11a9d9e9ea1084d3f4931e1755db518a.exe

Executes dropped EXE 1 IoCs

pid	Process
2988	11a9d9e9ea1084d3f4931e1755db518a.exe

Loads dropped DLL 1 IoCs

pid	Process
2644	11a9d9e9ea1084d3f4931e1755db518a.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2644-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c000000012243-10.dat	upx
behavioral1/memory/2988-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2644	11a9d9e9ea1084d3f4931e1755db518a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2644	11a9d9e9ea1084d3f4931e1755db518a.exe
2988	11a9d9e9ea1084d3f4931e1755db518a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2988	2644	11a9d9e9ea1084d3f4931e1755db518a.exe	28
PID 2644 wrote to memory of 2988	2644	11a9d9e9ea1084d3f4931e1755db518a.exe	28
PID 2644 wrote to memory of 2988	2644	11a9d9e9ea1084d3f4931e1755db518a.exe	28
PID 2644 wrote to memory of 2988	2644	11a9d9e9ea1084d3f4931e1755db518a.exe	28

C:\Users\Admin\AppData\Local\Temp\11a9d9e9ea1084d3f4931e1755db518a.exe
"C:\Users\Admin\AppData\Local\Temp\11a9d9e9ea1084d3f4931e1755db518a.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Users\Admin\AppData\Local\Temp\11a9d9e9ea1084d3f4931e1755db518a.exe
  C:\Users\Admin\AppData\Local\Temp\11a9d9e9ea1084d3f4931e1755db518a.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\11a9d9e9ea1084d3f4931e1755db518a.exe

Filesize
2.4MB

MD5
5ac6ed4c4fc9febd67e759bde8b90058

SHA1
ed9e8578092ea287d73991462d4290380a13f340

SHA256
204db627efe7f14ea5993befe4c20a34cbe2980ec7c45a0cd6da5775e73cea60

SHA512
11eca8f02c55bc073fe861e9a39cbb56b13be3747f0370230b5c72390e55359d1a7be731ad3c45a16ee8f212960257795a9589742b972ba3f60cc49a08028798

Download Submit
memory/2644-31-0x00000000036F0000-0x0000000003BDF000-memory.dmp

Filesize
4.9MB

Download
memory/2644-1-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2644-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2644-15-0x00000000036F0000-0x0000000003BDF000-memory.dmp

Filesize
4.9MB

Download
memory/2644-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2644-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2988-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2988-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2988-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2988-24-0x0000000003430000-0x000000000365A000-memory.dmp

Filesize
2.2MB

Download
memory/2988-19-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2988-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download