830073e1e21a97b3184f968be6e1c5b254f5c67cc40c0145320db66f466645ff

Analysis

max time kernel
117s
max time network
137s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 10:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1680dfd1af21d7068c42b28169f22ecf.exe
Size

1.5MB
MD5

1680dfd1af21d7068c42b28169f22ecf
SHA1

2584ba5852f2595620766fcbbd7bbda58ef96957
SHA256

830073e1e21a97b3184f968be6e1c5b254f5c67cc40c0145320db66f466645ff
SHA512

e02ec4562dc8c69a496fcea23ed9369e17b51141e9427cfad067a975596b7fcf5479dd42e10ccd25ccc82890cf7061a931944a7a7b78a9503996dce6432f2781
SSDEEP

24576:Ez1yxLm1pENOTff0Ik76admxeug62UDKFw0yzUuDMgzyvO9kHZJJsF1u+eSAW:Ezb1pENOTfnkmvx3pDKIzWik7JsbR2

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2256	1680dfd1af21d7068c42b28169f22ecf.exe

Executes dropped EXE 1 IoCs

pid	Process
2256	1680dfd1af21d7068c42b28169f22ecf.exe

Loads dropped DLL 1 IoCs

pid	Process
2548	1680dfd1af21d7068c42b28169f22ecf.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2548-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012264-10.dat	upx
behavioral1/files/0x0009000000012264-13.dat	upx
behavioral1/memory/2548-15-0x0000000003600000-0x0000000003AEF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2548	1680dfd1af21d7068c42b28169f22ecf.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2548	1680dfd1af21d7068c42b28169f22ecf.exe
2256	1680dfd1af21d7068c42b28169f22ecf.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2256	2548	1680dfd1af21d7068c42b28169f22ecf.exe	28
PID 2548 wrote to memory of 2256	2548	1680dfd1af21d7068c42b28169f22ecf.exe	28
PID 2548 wrote to memory of 2256	2548	1680dfd1af21d7068c42b28169f22ecf.exe	28
PID 2548 wrote to memory of 2256	2548	1680dfd1af21d7068c42b28169f22ecf.exe	28

C:\Users\Admin\AppData\Local\Temp\1680dfd1af21d7068c42b28169f22ecf.exe
"C:\Users\Admin\AppData\Local\Temp\1680dfd1af21d7068c42b28169f22ecf.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Users\Admin\AppData\Local\Temp\1680dfd1af21d7068c42b28169f22ecf.exe
  C:\Users\Admin\AppData\Local\Temp\1680dfd1af21d7068c42b28169f22ecf.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1680dfd1af21d7068c42b28169f22ecf.exe

Filesize
661KB

MD5
56777a39a55082492b895352ad59be3b

SHA1
7451d5bdf303ad27fa697f689443720231e31665

SHA256
8ed8bb08146a33d12be657807d6b465dd9d5d9b72d1246cbf8d0adebed7d68fd

SHA512
853fd09aa5a851e8e6b63f420914e7768b4ff30655a42fd3df0cb0f1402bae630f4de45a16cbc37c2e85040e518476145ecd344c5ee196027d94d092746826d8

Download Submit
\Users\Admin\AppData\Local\Temp\1680dfd1af21d7068c42b28169f22ecf.exe

Filesize
64KB

MD5
8d553c73eb5508400a7628a76974a622

SHA1
1f90206b0c344645c15dd1a67e52249d3fc07068

SHA256
9630748aa1f364213326f1823ccc4a431f8fbefb3fc7f4c80ef34575e175860f

SHA512
d98054185932a79a78100a88e943897acbfa9b1788a99adb12476f9d0772163d322029b58087531cc7585454d3f15e7566261b02a022cd22a9b6c0f284255e10

Download Submit
memory/2256-19-0x0000000000230000-0x0000000000363000-memory.dmp

Filesize
1.2MB

Download
memory/2256-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2256-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2256-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2256-25-0x00000000034C0000-0x00000000036EA000-memory.dmp

Filesize
2.2MB

Download
memory/2256-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2548-2-0x0000000000270000-0x00000000003A3000-memory.dmp

Filesize
1.2MB

Download
memory/2548-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2548-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2548-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2548-15-0x0000000003600000-0x0000000003AEF000-memory.dmp

Filesize
4.9MB

Download
memory/2548-31-0x0000000003600000-0x0000000003AEF000-memory.dmp

Filesize
4.9MB

Download