6f44c467a1c711b28cd5542772a582be3c46a4bcbee13a3befe8e7f1dc89a06f

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 12:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

190f09a068fbc8535fd1a697fb6ff812.exe
Size

5.8MB
MD5

190f09a068fbc8535fd1a697fb6ff812
SHA1

de2e9aeae1fc173dcd03fe7cd1bcac2736ce217c
SHA256

6f44c467a1c711b28cd5542772a582be3c46a4bcbee13a3befe8e7f1dc89a06f
SHA512

427d29a0384fa5edad9144e8f18ea22d5bdb04cca43ba864871aba5d989b280a466e1478a517fd665e7e54246524953c83b3b6f88052616dbbeab7cc7beb7c1e
SSDEEP

98304:wzIVsNdY3qgXPF2gg3gnl/IVUs1jePsmNyvu+OJMn8GnwWcV2gg3gnl/IVUs1jek:AImNdY6gtygl/iBiPZyvu+Oin8GwGgll

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2380	190f09a068fbc8535fd1a697fb6ff812.exe

Executes dropped EXE 1 IoCs

pid	Process
2380	190f09a068fbc8535fd1a697fb6ff812.exe

Loads dropped DLL 1 IoCs

pid	Process
2984	190f09a068fbc8535fd1a697fb6ff812.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2984-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/2380-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000014534-13.dat	upx
behavioral1/files/0x000b000000014534-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2984	190f09a068fbc8535fd1a697fb6ff812.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2984	190f09a068fbc8535fd1a697fb6ff812.exe
2380	190f09a068fbc8535fd1a697fb6ff812.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 2380	2984	190f09a068fbc8535fd1a697fb6ff812.exe	17
PID 2984 wrote to memory of 2380	2984	190f09a068fbc8535fd1a697fb6ff812.exe	17
PID 2984 wrote to memory of 2380	2984	190f09a068fbc8535fd1a697fb6ff812.exe	17
PID 2984 wrote to memory of 2380	2984	190f09a068fbc8535fd1a697fb6ff812.exe	17

C:\Users\Admin\AppData\Local\Temp\190f09a068fbc8535fd1a697fb6ff812.exe
"C:\Users\Admin\AppData\Local\Temp\190f09a068fbc8535fd1a697fb6ff812.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Users\Admin\AppData\Local\Temp\190f09a068fbc8535fd1a697fb6ff812.exe
  C:\Users\Admin\AppData\Local\Temp\190f09a068fbc8535fd1a697fb6ff812.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\190f09a068fbc8535fd1a697fb6ff812.exe

Filesize
92KB

MD5
1210232c1b8c29f29c34118778adb7f6

SHA1
08124364c10054edfba11884be5e94be271e4844

SHA256
0b3791e575c32555c1fdb32a943cfeeba7e436336fc6f914c59b27265be5a857

SHA512
5e3c351bb2b17db6199735288ef1440cb9efd267ce275bb0364511d35c6e2601f6911121c179a5b19cdde41a654d5376b96411f34170f3f57c92793b0fa61178

Download Submit
\Users\Admin\AppData\Local\Temp\190f09a068fbc8535fd1a697fb6ff812.exe

Filesize
382KB

MD5
50484b20b15823549306db12a6f2ff3d

SHA1
b1de872b70d1317cc86879813af3e731b360ea93

SHA256
ecac4de8d61a18270e8eff56c73009d8989696a89a5429c4de129a551f9c762e

SHA512
b8b0c868fc1584f4832543ea3814bf87ac31ed548fc1df5eb6be94701e0020568a97a2b9b75557b35fdd302fd95cf92f10707db20eb4863ca9322b93b935758d

Download Submit
memory/2380-19-0x00000000002C0000-0x00000000003F3000-memory.dmp

Filesize
1.2MB

Download
memory/2380-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2380-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2380-25-0x0000000003550000-0x000000000377A000-memory.dmp

Filesize
2.2MB

Download
memory/2380-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2380-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2984-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2984-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2984-15-0x0000000003DB0000-0x000000000429F000-memory.dmp

Filesize
4.9MB

Download
memory/2984-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2984-2-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2984-30-0x0000000003DB0000-0x000000000429F000-memory.dmp

Filesize
4.9MB

Download