77ed46c86f99a5ae9fce8da5072f5adfb1cf541293a511b92b2254540ec5a829

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 11:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16da1b9f2118c3d38e91a46563bbf355.exe
Size

1.3MB
MD5

16da1b9f2118c3d38e91a46563bbf355
SHA1

45649b291ca0f4a1a42693df8d42c1fd0a71eabd
SHA256

77ed46c86f99a5ae9fce8da5072f5adfb1cf541293a511b92b2254540ec5a829
SHA512

de30e1b99d69694ebfd93da1909189484e6212099d7802a1fa88705576eca012dc47baf85a2a9009604cd817c69a10a257af74a049233e2f65eb654cef864343
SSDEEP

24576:KbuBp8KbvsiuNnH3VtdaGsHjobJLqFPUHbuFJtD5/Wc:HgKbONXYfDo2sHb+Jd5p

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3024	16da1b9f2118c3d38e91a46563bbf355.exe

Executes dropped EXE 1 IoCs

pid	Process
3024	16da1b9f2118c3d38e91a46563bbf355.exe

Loads dropped DLL 1 IoCs

pid	Process
2800	16da1b9f2118c3d38e91a46563bbf355.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2800-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c000000012251-10.dat	upx
behavioral1/files/0x000c000000012251-15.dat	upx
behavioral1/memory/2800-14-0x00000000035B0000-0x0000000003A9F000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2800	16da1b9f2118c3d38e91a46563bbf355.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2800	16da1b9f2118c3d38e91a46563bbf355.exe
3024	16da1b9f2118c3d38e91a46563bbf355.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 3024	2800	16da1b9f2118c3d38e91a46563bbf355.exe	14
PID 2800 wrote to memory of 3024	2800	16da1b9f2118c3d38e91a46563bbf355.exe	14
PID 2800 wrote to memory of 3024	2800	16da1b9f2118c3d38e91a46563bbf355.exe	14
PID 2800 wrote to memory of 3024	2800	16da1b9f2118c3d38e91a46563bbf355.exe	14

C:\Users\Admin\AppData\Local\Temp\16da1b9f2118c3d38e91a46563bbf355.exe
C:\Users\Admin\AppData\Local\Temp\16da1b9f2118c3d38e91a46563bbf355.exe
1⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:3024

C:\Users\Admin\AppData\Local\Temp\16da1b9f2118c3d38e91a46563bbf355.exe
"C:\Users\Admin\AppData\Local\Temp\16da1b9f2118c3d38e91a46563bbf355.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\16da1b9f2118c3d38e91a46563bbf355.exe

Filesize
381KB

MD5
98e7dd539b37bb9875c3d2287b10fb76

SHA1
d1f2138ce6929be0f23068f4d590ea4bb28348a8

SHA256
c744a642a5f9652a16c976e24201e0874c28442403d3d0cc26f9532fdf03e3c7

SHA512
9a2c4137f203a5a8f00419ba6e2f6eeca4afe83bd41c60e800f9385cd5543bac172fbe646e72f026136fd483cc62e469cc0a00a7eda51aaf200f4adbfab1d393

Download Submit
\Users\Admin\AppData\Local\Temp\16da1b9f2118c3d38e91a46563bbf355.exe

Filesize
65KB

MD5
53ddf976497e9d66b321125eec9da3e7

SHA1
e086e4d5a2ed8da9a8466702aba9abc229bc8a25

SHA256
8f706403af2523e615431318c469659343daf6d6094371d8f6875cba500c1206

SHA512
cbea451b21a4f268e822037a39d8d3a960136a7574089f0f18415e9745a967d3a1488c02e4a71df918f89117880c0dbbd1771014a3d93d7fad83bfcfa0dc66a4

Download Submit
memory/2800-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2800-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2800-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2800-14-0x00000000035B0000-0x0000000003A9F000-memory.dmp

Filesize
4.9MB

Download
memory/2800-2-0x0000000000260000-0x0000000000393000-memory.dmp

Filesize
1.2MB

Download
memory/3024-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3024-20-0x00000000002A0000-0x00000000003D3000-memory.dmp

Filesize
1.2MB

Download
memory/3024-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3024-25-0x0000000003530000-0x000000000375A000-memory.dmp

Filesize
2.2MB

Download
memory/3024-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3024-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download