9e105a88311cb382a14beb7af27c1d7567ba942d10485491ffed7395a7609a7c

Analysis

max time kernel
122s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 08:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12d99475fe383d37c5aa9fc38b661ce5.exe
Size

5.8MB
MD5

12d99475fe383d37c5aa9fc38b661ce5
SHA1

0e5e91e02f4781811aa3aecaad5020a7c9b27207
SHA256

9e105a88311cb382a14beb7af27c1d7567ba942d10485491ffed7395a7609a7c
SHA512

1d2d929819b46c4718be76c3b6cc21d93450d94c11dd9c14217f99b556c2b86fe599532bc8446c014015cdecfaab9b8524a71dbaaef2c460191adf1e4508567c
SSDEEP

98304:5i7J0udCOV0L83GHau42c1joCjMPkNwk6TxlepMHSdA+D2cV0fvHau42c1joCjMP:5iunOV0L88auq1jI86NuMHhXnffauq1M

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2700	12d99475fe383d37c5aa9fc38b661ce5.exe

Executes dropped EXE 1 IoCs

pid	Process
2700	12d99475fe383d37c5aa9fc38b661ce5.exe

Loads dropped DLL 1 IoCs

pid	Process
2756	12d99475fe383d37c5aa9fc38b661ce5.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2756-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000d00000001473e-10.dat	upx
behavioral1/files/0x000d00000001473e-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2756	12d99475fe383d37c5aa9fc38b661ce5.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2756	12d99475fe383d37c5aa9fc38b661ce5.exe
2700	12d99475fe383d37c5aa9fc38b661ce5.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2700	2756	12d99475fe383d37c5aa9fc38b661ce5.exe	28
PID 2756 wrote to memory of 2700	2756	12d99475fe383d37c5aa9fc38b661ce5.exe	28
PID 2756 wrote to memory of 2700	2756	12d99475fe383d37c5aa9fc38b661ce5.exe	28
PID 2756 wrote to memory of 2700	2756	12d99475fe383d37c5aa9fc38b661ce5.exe	28

C:\Users\Admin\AppData\Local\Temp\12d99475fe383d37c5aa9fc38b661ce5.exe
"C:\Users\Admin\AppData\Local\Temp\12d99475fe383d37c5aa9fc38b661ce5.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Users\Admin\AppData\Local\Temp\12d99475fe383d37c5aa9fc38b661ce5.exe
  C:\Users\Admin\AppData\Local\Temp\12d99475fe383d37c5aa9fc38b661ce5.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\12d99475fe383d37c5aa9fc38b661ce5.exe

Filesize
5.8MB

MD5
db3cab86f4cd2d084b28bdff3484792b

SHA1
ce2799fbbabc13c6e5173773d127a59e30947953

SHA256
bc5341bb5088681d71d461f51881fdfb33a42aef961fc0b524ae32445a5e6944

SHA512
95169a9b3b87dce6fef29a87426f6bcdaa871084f2de3245945ae520330a9e4ee46ee6dd81971787989a044b90d98f71d96c0b2643a24f931b84eaad4a9b204c

Download Submit
\Users\Admin\AppData\Local\Temp\12d99475fe383d37c5aa9fc38b661ce5.exe

Filesize
5.2MB

MD5
5d12444d83b5ce7fff10e131bda4b187

SHA1
42f64fc06522e946760368e478e89075efbf2610

SHA256
7ab70953699e882c8b3fcdce2ff18f9869c379b911d34ba4d1faf75bc1524841

SHA512
c3217736cd36c8cf631e95d20aca94718783612313c36e3416476fdd7e73b7da96418053de72ad6a44b1db6b751a820cd365ca8e386aba6e48800e323af569c7

Download Submit
memory/2700-18-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2700-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2700-21-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2700-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2700-26-0x0000000003570000-0x000000000379A000-memory.dmp

Filesize
2.2MB

Download
memory/2700-33-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2756-3-0x0000000000240000-0x0000000000373000-memory.dmp

Filesize
1.2MB

Download
memory/2756-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2756-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2756-16-0x0000000003E90000-0x000000000437F000-memory.dmp

Filesize
4.9MB

Download
memory/2756-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2756-32-0x0000000003E90000-0x000000000437F000-memory.dmp

Filesize
4.9MB

Download