e2553a09a4876f187f963cba90607b007c2df18776e95514419a4e4332bb1884

Analysis

max time kernel
117s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 12:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

180de2ac2dee7eb3ac8f8bd0a0e32e5a.exe
Size

1.3MB
MD5

180de2ac2dee7eb3ac8f8bd0a0e32e5a
SHA1

75f588438aa4aa1148b3d166b60ecd52e3742ee9
SHA256

e2553a09a4876f187f963cba90607b007c2df18776e95514419a4e4332bb1884
SHA512

871b78cb25700a9348e0cc19bbdcbf44f8615d6b8f1f1ed027f2a872411a281d08502d30455ff882e573c28b9233e14cb0f87f21e298caddd5ccfbfdf6dfd9a5
SSDEEP

24576:hh9ecaeEpKsSw8IsodWNKR8Tg76RWr3RmObCjoz2xU4sWc:t0yW8IsiWg6grkOixBsp

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2984	180de2ac2dee7eb3ac8f8bd0a0e32e5a.exe

Executes dropped EXE 1 IoCs

pid	Process
2984	180de2ac2dee7eb3ac8f8bd0a0e32e5a.exe

Loads dropped DLL 1 IoCs

pid	Process
2204	180de2ac2dee7eb3ac8f8bd0a0e32e5a.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2204-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000012238-12.dat	upx
behavioral1/memory/2984-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2204	180de2ac2dee7eb3ac8f8bd0a0e32e5a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2204	180de2ac2dee7eb3ac8f8bd0a0e32e5a.exe
2984	180de2ac2dee7eb3ac8f8bd0a0e32e5a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2984	2204	180de2ac2dee7eb3ac8f8bd0a0e32e5a.exe	28
PID 2204 wrote to memory of 2984	2204	180de2ac2dee7eb3ac8f8bd0a0e32e5a.exe	28
PID 2204 wrote to memory of 2984	2204	180de2ac2dee7eb3ac8f8bd0a0e32e5a.exe	28
PID 2204 wrote to memory of 2984	2204	180de2ac2dee7eb3ac8f8bd0a0e32e5a.exe	28

C:\Users\Admin\AppData\Local\Temp\180de2ac2dee7eb3ac8f8bd0a0e32e5a.exe
"C:\Users\Admin\AppData\Local\Temp\180de2ac2dee7eb3ac8f8bd0a0e32e5a.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Users\Admin\AppData\Local\Temp\180de2ac2dee7eb3ac8f8bd0a0e32e5a.exe
  C:\Users\Admin\AppData\Local\Temp\180de2ac2dee7eb3ac8f8bd0a0e32e5a.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\180de2ac2dee7eb3ac8f8bd0a0e32e5a.exe

Filesize
1.3MB

MD5
422cd139aaf57393c627c60718ba6366

SHA1
10f8d8289229310a2d4b0be7645150307c90b630

SHA256
ea44472b2f950a992c3a83108d1a6cc8bd3628ee2088bcfae8ba0e979eac2783

SHA512
e416ebb9ee53304bbe61bb9ac912a92ace6cdb776281cd36f05f3d7ae3614cb1998dd0a2dab2d804f43b2838c82fc2568a3603a05e0bae3fe53c44b8b6502dfd

Download Submit
memory/2204-31-0x00000000035E0000-0x0000000003ACF000-memory.dmp

Filesize
4.9MB

Download
memory/2204-1-0x0000000000290000-0x00000000003C3000-memory.dmp

Filesize
1.2MB

Download
memory/2204-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2204-15-0x00000000035E0000-0x0000000003ACF000-memory.dmp

Filesize
4.9MB

Download
memory/2204-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2204-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2984-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2984-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2984-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2984-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2984-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2984-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download