bc754b50caa691cfd8a50bc88ae1820bd5ad1cf0c703886d330ef7cabbfad271

Analysis

max time kernel
120s
max time network
159s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 10:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15d9b94a64e593395443eca8eef69065.exe
Size

2.9MB
MD5

15d9b94a64e593395443eca8eef69065
SHA1

fd6c5dc6172624e4b4ca3988bd2a247409e2b722
SHA256

bc754b50caa691cfd8a50bc88ae1820bd5ad1cf0c703886d330ef7cabbfad271
SHA512

e5d6dd1f92b530924a85d76682cd396a25ff3e46f5665f7b9073754593b8370583b88b842609570876275ee32e6f6888a80d97d0272c8f6fa842fe1db81a4698
SSDEEP

49152:xC29GpOQGssyHUno/a0NF1ZTPON74NH5HUyNRcUsCVOzetdZJ:xX9GpbsysoX71Zq4HBUCczzM3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2880	15d9b94a64e593395443eca8eef69065.exe

Executes dropped EXE 1 IoCs

pid	Process
2880	15d9b94a64e593395443eca8eef69065.exe

Loads dropped DLL 1 IoCs

pid	Process
2564	15d9b94a64e593395443eca8eef69065.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2564-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0004000000004ed7-11.dat	upx
behavioral1/files/0x0004000000004ed7-16.dat	upx
behavioral1/memory/2880-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0004000000004ed7-14.dat	upx
behavioral1/memory/2564-13-0x0000000003960000-0x0000000003E4F000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2564	15d9b94a64e593395443eca8eef69065.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2564	15d9b94a64e593395443eca8eef69065.exe
2880	15d9b94a64e593395443eca8eef69065.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 2880	2564	15d9b94a64e593395443eca8eef69065.exe	29
PID 2564 wrote to memory of 2880	2564	15d9b94a64e593395443eca8eef69065.exe	29
PID 2564 wrote to memory of 2880	2564	15d9b94a64e593395443eca8eef69065.exe	29
PID 2564 wrote to memory of 2880	2564	15d9b94a64e593395443eca8eef69065.exe	29

C:\Users\Admin\AppData\Local\Temp\15d9b94a64e593395443eca8eef69065.exe
"C:\Users\Admin\AppData\Local\Temp\15d9b94a64e593395443eca8eef69065.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Users\Admin\AppData\Local\Temp\15d9b94a64e593395443eca8eef69065.exe
  C:\Users\Admin\AppData\Local\Temp\15d9b94a64e593395443eca8eef69065.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\15d9b94a64e593395443eca8eef69065.exe

Filesize
553KB

MD5
90021314a37d39a8a832b13c76c5d850

SHA1
979fa1388f3581101606e8d2bb7c505b83e63b1b

SHA256
42a9d1e213ed550593a978d7fd686530c9f6215217ca0edb2d4e2998e2b58284

SHA512
91752260cb4b29bb77ed95888ebb1edc63bfe3189eca163dae006f47f60faf6bd78dce55111fd7d262de8b26fc2cd4427849f38a60a8bebf221bdf6b01a80d76

Download Submit
C:\Users\Admin\AppData\Local\Temp\15d9b94a64e593395443eca8eef69065.exe

Filesize
322KB

MD5
e91dfc483974116ad8a312fd504de76d

SHA1
ee3cc0efa21f6857f34c97532d38c9d6cdd2b88c

SHA256
dbd01923c7e76d6375ad6e49610fbdf9b9ca13bb0f410580f3c399c551bab3b4

SHA512
351bf9b1fc30b4fc8c214ab578556470f827beb39816afc8031a92edbd63e6c648b26552e323061d8910002be097415559010de05d84620ea011188174fa211d

Download Submit
\Users\Admin\AppData\Local\Temp\15d9b94a64e593395443eca8eef69065.exe

Filesize
1.5MB

MD5
3ea2b012640139b6746287ece073cb81

SHA1
7411237eaed3f9c289384ebdf1722a7b70b370d6

SHA256
b6dd2ad9b81d6fcc4e457786debf44a5c23f0e459da9d01a0c9c91b7416c4a86

SHA512
d1bc2a535eda32137b3f78e6d487e2f10f9de58970fd057735fc84ada0774211402d99e82f138066fa06ac4d13eb18af9f79591f38e34a820adec38a904eaa53

Download Submit
memory/2564-7-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2564-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2564-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2564-3-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2564-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2564-13-0x0000000003960000-0x0000000003E4F000-memory.dmp

Filesize
4.9MB

Download
memory/2880-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2880-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2880-19-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2880-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2880-26-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2880-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download