61fdc24a9f0639c81680ba3039ffadc38b9fe725b3ba9d7eaee17332d4b08265

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 10:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

156f3d68edf08421331837fa2d151059.exe
Size

11.7MB
MD5

156f3d68edf08421331837fa2d151059
SHA1

5a7b725292089104210c924df6f92fe424311134
SHA256

61fdc24a9f0639c81680ba3039ffadc38b9fe725b3ba9d7eaee17332d4b08265
SHA512

36ad7ff101aa4b4db95eb3f24a9da4e8cea36ef7665ea5c4636590723552ac9e2d891aa8c5b1e9f0bf0475a5ae690fb8c9a0d354e9941f7a88bcb3f4e179f2fe
SSDEEP

196608:JdT8sWCIW627WdWCxRVTN0pWCIW627WdWC:P1mWN7WdNVTNSmWN7Wd

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3060	156f3d68edf08421331837fa2d151059.exe

Executes dropped EXE 1 IoCs

pid	Process
3060	156f3d68edf08421331837fa2d151059.exe

Loads dropped DLL 1 IoCs

pid	Process
1220	156f3d68edf08421331837fa2d151059.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1220-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012261-10.dat	upx
behavioral1/files/0x0009000000012261-15.dat	upx
behavioral1/memory/3060-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1220	156f3d68edf08421331837fa2d151059.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1220	156f3d68edf08421331837fa2d151059.exe
3060	156f3d68edf08421331837fa2d151059.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 3060	1220	156f3d68edf08421331837fa2d151059.exe	28
PID 1220 wrote to memory of 3060	1220	156f3d68edf08421331837fa2d151059.exe	28
PID 1220 wrote to memory of 3060	1220	156f3d68edf08421331837fa2d151059.exe	28
PID 1220 wrote to memory of 3060	1220	156f3d68edf08421331837fa2d151059.exe	28

C:\Users\Admin\AppData\Local\Temp\156f3d68edf08421331837fa2d151059.exe
"C:\Users\Admin\AppData\Local\Temp\156f3d68edf08421331837fa2d151059.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Users\Admin\AppData\Local\Temp\156f3d68edf08421331837fa2d151059.exe
  C:\Users\Admin\AppData\Local\Temp\156f3d68edf08421331837fa2d151059.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\156f3d68edf08421331837fa2d151059.exe

Filesize
3.5MB

MD5
3e3027195488931caa7b9b6eeea42e00

SHA1
912e50d7eb8ee628058d97685040dfbb24a8890b

SHA256
94470c189bc62d78bc1b7487cf3c5a091ba86fca3888c4b248147e2945d560d0

SHA512
fcd32bd868b150350e90a7681ed8aff75b4f76e6954b3d8249ef0b611def4dd6c1db13551666c4d2893ee72852bee042de006066af76efbed01fd9b740aea856

Download Submit
\Users\Admin\AppData\Local\Temp\156f3d68edf08421331837fa2d151059.exe

Filesize
2.1MB

MD5
9f7f2599771738189320e18f8ff50cb3

SHA1
4a811afd8c18c6ecb30b96d44564273a088361cb

SHA256
23403591e6b79da1fcb524869fbf6da99b6849157cf82ef30cf0ed1c7f342f71

SHA512
a6055b200fbd20b9712b06946a6c427daec85c5edb64e2591b0096c8cf6b253ac45deb377dafded6d8669a7f2b59a27e9d420c33d8cd5d43bb425543c18871d1

Download Submit
memory/1220-31-0x0000000004990000-0x0000000004E7F000-memory.dmp

Filesize
4.9MB

Download
memory/1220-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1220-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1220-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1220-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1220-14-0x0000000004990000-0x0000000004E7F000-memory.dmp

Filesize
4.9MB

Download
memory/3060-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3060-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3060-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3060-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/3060-17-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/3060-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download