e503b3941010b279f942a9f264e9dff70dc8bf9ff5cf604b1711c6856adcb94d

Analysis

max time kernel
119s
max time network
163s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 11:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17527a27ac01ff27431650d623daa275.exe
Size

5.3MB
MD5

17527a27ac01ff27431650d623daa275
SHA1

8b15c0b4dfc69099fd6b11c3e30710c130405c48
SHA256

e503b3941010b279f942a9f264e9dff70dc8bf9ff5cf604b1711c6856adcb94d
SHA512

1bc5aab1ff69c2e084237032c48392b9b6b9762ad333475195ec63e5083b2086383e7ece9800742d2b8b781441a3dc37de05abc05233f5fff11a62da91017547
SSDEEP

98304:7bk536NR56cdNb8vyHZhrx7RFFj0iMHIwFzzckbl3HZhrx7RFFj0iMHj:7bkcNec/86HrHFFIiMfzzck5HrHFFIiE

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2756	17527a27ac01ff27431650d623daa275.exe

Executes dropped EXE 1 IoCs

pid	Process
2756	17527a27ac01ff27431650d623daa275.exe

Loads dropped DLL 1 IoCs

pid	Process
1668	17527a27ac01ff27431650d623daa275.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1668-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000b000000012261-10.dat	upx
behavioral1/files/0x000b000000012261-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1668	17527a27ac01ff27431650d623daa275.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1668	17527a27ac01ff27431650d623daa275.exe
2756	17527a27ac01ff27431650d623daa275.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 2756	1668	17527a27ac01ff27431650d623daa275.exe	27
PID 1668 wrote to memory of 2756	1668	17527a27ac01ff27431650d623daa275.exe	27
PID 1668 wrote to memory of 2756	1668	17527a27ac01ff27431650d623daa275.exe	27
PID 1668 wrote to memory of 2756	1668	17527a27ac01ff27431650d623daa275.exe	27

C:\Users\Admin\AppData\Local\Temp\17527a27ac01ff27431650d623daa275.exe
"C:\Users\Admin\AppData\Local\Temp\17527a27ac01ff27431650d623daa275.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Users\Admin\AppData\Local\Temp\17527a27ac01ff27431650d623daa275.exe
  C:\Users\Admin\AppData\Local\Temp\17527a27ac01ff27431650d623daa275.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\17527a27ac01ff27431650d623daa275.exe

Filesize
1.1MB

MD5
f237296c215dd8bb2033cd4ced0f20f7

SHA1
ae4ebb01d75dafb2b3bfe5f08323799b5f0938a3

SHA256
0a14e3e173fd00357303148a4d0f9dcbc4e525c9abd76a32123a1dc3b8a21292

SHA512
c7059e2724153bea62cb1751c9d834a09e38dbe9d8b1304c0cf96ceed8c974095c1bb267ff231c13e6e1a68d1edd945cba94c35951be2a3eaccf088e433768d0

Download Submit
\Users\Admin\AppData\Local\Temp\17527a27ac01ff27431650d623daa275.exe

Filesize
1024KB

MD5
aa0fd2a01fb0fa34cb4f174547893d6a

SHA1
3d60de39c8b2204351fcf0b06e8c8cbd755abad2

SHA256
e5bac7c8fc003b47e73b24a22e485200f871bda588c0e5d05402ca3c258994f2

SHA512
b410c65f347e9673637961c4c71c65131982fb0378bc63561c223e795ceb7bf529b33e7650bca8cb2db667cc20b45df42c5f6a1db35ae160e32ed220defd7d8f

Download Submit
memory/1668-16-0x0000000003CA0000-0x0000000004187000-memory.dmp

Filesize
4.9MB

Download
memory/1668-2-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/1668-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1668-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1668-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1668-32-0x0000000003CA0000-0x0000000004187000-memory.dmp

Filesize
4.9MB

Download
memory/2756-18-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2756-20-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2756-17-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2756-26-0x0000000003580000-0x00000000037A2000-memory.dmp

Filesize
2.1MB

Download
memory/2756-24-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2756-33-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download