d14b8c0645e5a7ad1d471d526038f871691c297068e8eb4d66e8a89229516d74

Analysis

max time kernel
119s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 09:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1483b82426a1600b46440197bfa29750.exe
Size

2.9MB
MD5

1483b82426a1600b46440197bfa29750
SHA1

56231bb28de774d80fedf654f40ff1ff09bc5786
SHA256

d14b8c0645e5a7ad1d471d526038f871691c297068e8eb4d66e8a89229516d74
SHA512

2568e03827c3239166313c02e90a42c6eed4da99b5adfea43c55c5f15218819a9258ae84c173c1a7b48fefcd172829a9462a1551991cc22f9c7f1eeae6059cd2
SSDEEP

49152:e2LiRGJfNgOJjEk7dOGskAaPP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:e2LhfaOJyMAaPgg3gnl/IVUs1jePs

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1956	1483b82426a1600b46440197bfa29750.exe

Executes dropped EXE 1 IoCs

pid	Process
1956	1483b82426a1600b46440197bfa29750.exe

Loads dropped DLL 1 IoCs

pid	Process
2480	1483b82426a1600b46440197bfa29750.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2480-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/1956-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b00000001225c-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2480	1483b82426a1600b46440197bfa29750.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2480	1483b82426a1600b46440197bfa29750.exe
1956	1483b82426a1600b46440197bfa29750.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 1956	2480	1483b82426a1600b46440197bfa29750.exe	28
PID 2480 wrote to memory of 1956	2480	1483b82426a1600b46440197bfa29750.exe	28
PID 2480 wrote to memory of 1956	2480	1483b82426a1600b46440197bfa29750.exe	28
PID 2480 wrote to memory of 1956	2480	1483b82426a1600b46440197bfa29750.exe	28

C:\Users\Admin\AppData\Local\Temp\1483b82426a1600b46440197bfa29750.exe
"C:\Users\Admin\AppData\Local\Temp\1483b82426a1600b46440197bfa29750.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Users\Admin\AppData\Local\Temp\1483b82426a1600b46440197bfa29750.exe
  C:\Users\Admin\AppData\Local\Temp\1483b82426a1600b46440197bfa29750.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1483b82426a1600b46440197bfa29750.exe

Filesize
893KB

MD5
98ea7a34717a3359d64b92b74ba1ad87

SHA1
f5b1e2a0fad9eb69f861b1650c6f7e4de8482575

SHA256
f304bd8c0fe195e901d490bbc2130654cebcf04d7f42a636233022eca1864fe2

SHA512
c06b634169f092d6634847370fd2892d5e2a68593ad411214853b969936b72c69a7f2ce09b7c216ee2f0e5e1f8ff5b2d43718d94363badcb34af88091cbdc1cb

Download Submit
memory/1956-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/1956-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1956-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1956-18-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/1956-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1956-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2480-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2480-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2480-15-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2480-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2480-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2480-31-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download