5f1e7dabfaab0f9ce962960b73d48ee989ff373131097050dbb7b78ea5d83544

Analysis

max time kernel
122s
max time network
144s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 12:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

18dd4df7688d04c38e04c1d87a2b148a.exe
Size

1.5MB
MD5

18dd4df7688d04c38e04c1d87a2b148a
SHA1

b190b0bdc620c2018fccb4fb6dcf12b2bca77370
SHA256

5f1e7dabfaab0f9ce962960b73d48ee989ff373131097050dbb7b78ea5d83544
SHA512

690dbf8627ab3d57beef9ebba6ed6e42d2898a0ebb541073bd647eb0ed9a440159765946ebb5070592797f95e15fa6c5ef210734c4a2c17a23a96aaeb22fb49f
SSDEEP

24576:OoS9vCiad410r8IK1yCYAxijBAQ6G2wt7oLC/yeNd7flwPYw2UELi0GXW:OoSkd49IK1riFMR67oLwBNd7KA/UEO0u

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2536	18dd4df7688d04c38e04c1d87a2b148a.exe

Executes dropped EXE 1 IoCs

pid	Process
2536	18dd4df7688d04c38e04c1d87a2b148a.exe

Loads dropped DLL 1 IoCs

pid	Process
1868	18dd4df7688d04c38e04c1d87a2b148a.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1868-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0008000000012222-10.dat	upx
behavioral1/files/0x0008000000012222-14.dat	upx
behavioral1/memory/1868-15-0x00000000035C0000-0x0000000003AAF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1868	18dd4df7688d04c38e04c1d87a2b148a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1868	18dd4df7688d04c38e04c1d87a2b148a.exe
2536	18dd4df7688d04c38e04c1d87a2b148a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 2536	1868	18dd4df7688d04c38e04c1d87a2b148a.exe	28
PID 1868 wrote to memory of 2536	1868	18dd4df7688d04c38e04c1d87a2b148a.exe	28
PID 1868 wrote to memory of 2536	1868	18dd4df7688d04c38e04c1d87a2b148a.exe	28
PID 1868 wrote to memory of 2536	1868	18dd4df7688d04c38e04c1d87a2b148a.exe	28

C:\Users\Admin\AppData\Local\Temp\18dd4df7688d04c38e04c1d87a2b148a.exe
"C:\Users\Admin\AppData\Local\Temp\18dd4df7688d04c38e04c1d87a2b148a.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Users\Admin\AppData\Local\Temp\18dd4df7688d04c38e04c1d87a2b148a.exe
  C:\Users\Admin\AppData\Local\Temp\18dd4df7688d04c38e04c1d87a2b148a.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\18dd4df7688d04c38e04c1d87a2b148a.exe

Filesize
478KB

MD5
8633a586a39714aafb966f5bcafb4749

SHA1
d2bad4f6876a0ea6abd80a390d984b3555b84991

SHA256
c5c20dd4d282a29711b52898c9627aaa6eb296a3d154a2c35d115bbc2cdfb41c

SHA512
bfc6e55be672add8eacafd34ffd358c5f0ce348e40b65988796b5c119ae4237bd5319229ff7d5417fe0685a4e66f52410833234ae42be448205b396bc5bdd06f

Download Submit
\Users\Admin\AppData\Local\Temp\18dd4df7688d04c38e04c1d87a2b148a.exe

Filesize
688KB

MD5
08a741aa035a808c33cc73ac6632ed27

SHA1
4462103f03250b0cc927e9afde7b3c1851be0b41

SHA256
af35060dc0b30311320f93a1086c2300a5cd28f8902140438ebd1446b206cc80

SHA512
3aba112c26bb6e3b76041ea8b5fe221bd2314e036e3e3dcd5397790897b3598824c6987a44ff31c30cb6920d988c5c54077c56d79a43f56f946d97e8589297c7

Download Submit
memory/1868-15-0x00000000035C0000-0x0000000003AAF000-memory.dmp

Filesize
4.9MB

Download
memory/1868-2-0x0000000000230000-0x0000000000363000-memory.dmp

Filesize
1.2MB

Download
memory/1868-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1868-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1868-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2536-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2536-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2536-20-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/2536-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2536-24-0x0000000003540000-0x000000000376A000-memory.dmp

Filesize
2.2MB

Download
memory/2536-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download