38bf40d8290a1160eaf51432810cc60a76db498bf6351919406f3375aee3f6c7

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 13:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a5a2351fd1866518d84fa69d9e850eb.exe
Size

2.9MB
MD5

1a5a2351fd1866518d84fa69d9e850eb
SHA1

dbe9a30df41fac897f622d5114e60bef98a785ee
SHA256

38bf40d8290a1160eaf51432810cc60a76db498bf6351919406f3375aee3f6c7
SHA512

7d7365f8b0041752d7af7068d9e25048ca5bd3569821b4c32a9acab29cd9ce8ad0c4d48e0e5acef151ea225e8942784f09072636a670f3809603c898fbb4c103
SSDEEP

49152:Iw7xM9pM/UBMaBjndAPGITVCDuN74NH5HUyNRcUsCVOzetdZJ:vsM/UFlni6Du4HBUCczzM3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2296	1a5a2351fd1866518d84fa69d9e850eb.exe

Executes dropped EXE 1 IoCs

pid	Process
2296	1a5a2351fd1866518d84fa69d9e850eb.exe

Loads dropped DLL 1 IoCs

pid	Process
2180	1a5a2351fd1866518d84fa69d9e850eb.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2180-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0008000000012270-10.dat	upx
behavioral1/memory/2180-14-0x00000000037D0000-0x0000000003CBF000-memory.dmp	upx
behavioral1/memory/2296-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0008000000012270-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2180	1a5a2351fd1866518d84fa69d9e850eb.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2180	1a5a2351fd1866518d84fa69d9e850eb.exe
2296	1a5a2351fd1866518d84fa69d9e850eb.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2296	2180	1a5a2351fd1866518d84fa69d9e850eb.exe	28
PID 2180 wrote to memory of 2296	2180	1a5a2351fd1866518d84fa69d9e850eb.exe	28
PID 2180 wrote to memory of 2296	2180	1a5a2351fd1866518d84fa69d9e850eb.exe	28
PID 2180 wrote to memory of 2296	2180	1a5a2351fd1866518d84fa69d9e850eb.exe	28

C:\Users\Admin\AppData\Local\Temp\1a5a2351fd1866518d84fa69d9e850eb.exe
"C:\Users\Admin\AppData\Local\Temp\1a5a2351fd1866518d84fa69d9e850eb.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Users\Admin\AppData\Local\Temp\1a5a2351fd1866518d84fa69d9e850eb.exe
  C:\Users\Admin\AppData\Local\Temp\1a5a2351fd1866518d84fa69d9e850eb.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1a5a2351fd1866518d84fa69d9e850eb.exe

Filesize
577KB

MD5
75a01938c1baf21edc4cbd1c7402b1ff

SHA1
5ea6940019e0cd89d45bc473e79ab463dfb1df31

SHA256
99a63d44f853fe9ab235d9b3799d0360ece71d9115d50ec1eec8b5a6619c0d3e

SHA512
f3b2547d32509b1e8de62a58f0f3eaf701abfeb9c869169cbfd29ffc8ef35d96bee2412cb077d55431f3bb9e4638882777076c73c56320035022e989ce1e4338

Download Submit
\Users\Admin\AppData\Local\Temp\1a5a2351fd1866518d84fa69d9e850eb.exe

Filesize
103KB

MD5
ba4de22dd16dedfba9a6e4bcb8206fcc

SHA1
e5d1b650d8098ba7d6ad982d89af3c5b04b62b7a

SHA256
b1785d83ff76ce28e847582d2bd579987e90f3e99c91491f56309fb0f99fc391

SHA512
9818957d1027a83948a6645d475ef4e8bb393b389d94d74f1452988751de7b4db786ff55a8af6040e0b49cec97bec6a2717b81607b14361ee54b5945b6883ad0

Download Submit
memory/2180-2-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2180-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2180-14-0x00000000037D0000-0x0000000003CBF000-memory.dmp

Filesize
4.9MB

Download
memory/2180-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2180-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2180-31-0x00000000037D0000-0x0000000003CBF000-memory.dmp

Filesize
4.9MB

Download
memory/2296-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2296-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2296-17-0x00000000002A0000-0x00000000003D3000-memory.dmp

Filesize
1.2MB

Download
memory/2296-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2296-25-0x0000000003530000-0x000000000375A000-memory.dmp

Filesize
2.2MB

Download
memory/2296-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download