075b6b99baf431c397c664709a0e7290ba9750e5999109e77239e9aba6d47e7c

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 10:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

164f39732af9382a5bdb34ca1dd1c198.exe
Size

1.5MB
MD5

164f39732af9382a5bdb34ca1dd1c198
SHA1

cc32eb4add738a5a6402b2993513c66acdbc18bc
SHA256

075b6b99baf431c397c664709a0e7290ba9750e5999109e77239e9aba6d47e7c
SHA512

dc4b47f0f6988e105a415410cd647fed1f0afc03f6403726893371d0f10cac02aa3acab2cebd409f9a8387865253fd9baf68ceac4e53e0f28b6a41feb2aae936
SSDEEP

24576:JQ89DlmM0F25yXc0DIVJgDdqdpqXhlH/lyLW/hKcSmTjYM34DZk82nbXW:r5Ew5yXc0MVJIgPqRlHALW5qmQAgk

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1672	164f39732af9382a5bdb34ca1dd1c198.exe

Executes dropped EXE 1 IoCs

pid	Process
1672	164f39732af9382a5bdb34ca1dd1c198.exe

Loads dropped DLL 1 IoCs

pid	Process
2052	164f39732af9382a5bdb34ca1dd1c198.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2052-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a00000001224a-15.dat	upx
behavioral1/memory/1672-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2052	164f39732af9382a5bdb34ca1dd1c198.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2052	164f39732af9382a5bdb34ca1dd1c198.exe
1672	164f39732af9382a5bdb34ca1dd1c198.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 1672	2052	164f39732af9382a5bdb34ca1dd1c198.exe	28
PID 2052 wrote to memory of 1672	2052	164f39732af9382a5bdb34ca1dd1c198.exe	28
PID 2052 wrote to memory of 1672	2052	164f39732af9382a5bdb34ca1dd1c198.exe	28
PID 2052 wrote to memory of 1672	2052	164f39732af9382a5bdb34ca1dd1c198.exe	28

C:\Users\Admin\AppData\Local\Temp\164f39732af9382a5bdb34ca1dd1c198.exe
"C:\Users\Admin\AppData\Local\Temp\164f39732af9382a5bdb34ca1dd1c198.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Users\Admin\AppData\Local\Temp\164f39732af9382a5bdb34ca1dd1c198.exe
  C:\Users\Admin\AppData\Local\Temp\164f39732af9382a5bdb34ca1dd1c198.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\164f39732af9382a5bdb34ca1dd1c198.exe

Filesize
1.5MB

MD5
f4a3b10c44baa393499c0ad599766fcf

SHA1
bc58e130cf8e8d71a8fd6289b5c039422ea0b4ab

SHA256
d513055d1bfaf04eac1bcf07ff4f08c5125c9495b9de84e8919c9c86147532c2

SHA512
1c704098f79ee76f47e4a1c15d5c13e01eb511bdcbcf1b9f213872a3e53daa7f7a4841445403325495ff81c0181cb632d22c0493a250a05fc4223263f9725ec4

Download Submit
memory/1672-24-0x00000000034F0000-0x000000000371A000-memory.dmp

Filesize
2.2MB

Download
memory/1672-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1672-18-0x0000000000260000-0x0000000000393000-memory.dmp

Filesize
1.2MB

Download
memory/1672-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1672-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1672-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2052-4-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2052-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2052-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2052-13-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/2052-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2052-31-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download