9d611f051778970b345bc0fa399d7a30ad7d94a021007a8f3877ea672fbb29b9

Analysis

max time kernel
143s
max time network
162s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 13:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1982c964128c8180d02c2133a6e12dc0.exe
Size

2.7MB
MD5

1982c964128c8180d02c2133a6e12dc0
SHA1

8ac98173a21f9d75abbda931edfe15ba4eb55219
SHA256

9d611f051778970b345bc0fa399d7a30ad7d94a021007a8f3877ea672fbb29b9
SHA512

1c99843f502fb14870a00a94eb1e9063dbc7461034385e95ea8420448589b83bc1dc2af8095a4b84dc06a83b8af8503337573581aa96fe7e2c23bad8f6e76ed7
SSDEEP

49152:QT0hn4fwvgA2C78R8834pm0rdD+yWR92i0QacYAxcU63DMcbGBAJUGuaR9j:QT0hlvP248RH3g9SH2hOYgcn3eBAJ7Hj

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1888	1982c964128c8180d02c2133a6e12dc0.exe

Executes dropped EXE 1 IoCs

pid	Process
1888	1982c964128c8180d02c2133a6e12dc0.exe

Loads dropped DLL 1 IoCs

pid	Process
2820	1982c964128c8180d02c2133a6e12dc0.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2820-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x0004000000004ed7-11.dat	upx
behavioral1/memory/2820-15-0x0000000003770000-0x0000000003C57000-memory.dmp	upx
behavioral1/memory/1888-17-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x0004000000004ed7-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2820	1982c964128c8180d02c2133a6e12dc0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2820	1982c964128c8180d02c2133a6e12dc0.exe
1888	1982c964128c8180d02c2133a6e12dc0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 1888	2820	1982c964128c8180d02c2133a6e12dc0.exe	27
PID 2820 wrote to memory of 1888	2820	1982c964128c8180d02c2133a6e12dc0.exe	27
PID 2820 wrote to memory of 1888	2820	1982c964128c8180d02c2133a6e12dc0.exe	27
PID 2820 wrote to memory of 1888	2820	1982c964128c8180d02c2133a6e12dc0.exe	27

C:\Users\Admin\AppData\Local\Temp\1982c964128c8180d02c2133a6e12dc0.exe
"C:\Users\Admin\AppData\Local\Temp\1982c964128c8180d02c2133a6e12dc0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Users\Admin\AppData\Local\Temp\1982c964128c8180d02c2133a6e12dc0.exe
  C:\Users\Admin\AppData\Local\Temp\1982c964128c8180d02c2133a6e12dc0.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1982c964128c8180d02c2133a6e12dc0.exe

Filesize
1.2MB

MD5
5f195999d3a350d90982dfe7165f2739

SHA1
1460be4c00247bcc4eadfbd82933a2e3f9052bde

SHA256
6a36b82b6108b50e2e1ba56be6a3ed701d10d97e49c593dd5608c01e1f0b1e40

SHA512
108794fe1ba3c63d6b7daa0de45d6639d390e8769c1a7b3f86664ac19432aad72332ed12059b030ef61f008ec494d1c02b6bb62d8a77120808361bdec7e919eb

Download Submit
\Users\Admin\AppData\Local\Temp\1982c964128c8180d02c2133a6e12dc0.exe

Filesize
2.4MB

MD5
c414ec0248679e8c5603a103d0a496c7

SHA1
05e5c8a4630c54f95f6d97680e1c840108041ca3

SHA256
af1b571257f3a6c696d0dc1aea98b7917b90419ef46b47c1ecab54bd71019ba7

SHA512
c7d08f0604ca3b80ca155c05ccfe5bccda81100c24a2d0eb828b6ca9ae1f695a60a1493b981caa42addcf3af23e688389039a9d205bf506f3c8fa57f0224b31a

Download Submit
memory/1888-19-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/1888-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1888-25-0x0000000003580000-0x00000000037A2000-memory.dmp

Filesize
2.1MB

Download
memory/1888-24-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1888-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2820-10-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2820-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2820-15-0x0000000003770000-0x0000000003C57000-memory.dmp

Filesize
4.9MB

Download
memory/2820-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2820-1-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/2820-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download