d4f1428735e1814b456adde5d7b7f458a08c8078023eb20604421d2d09cfca2d

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 14:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ace4b958ac6f3556c5ad0e44405d306.exe
Size

2.7MB
MD5

1ace4b958ac6f3556c5ad0e44405d306
SHA1

04d8092f532ce68224d45b83e7204240e6f3b0e0
SHA256

d4f1428735e1814b456adde5d7b7f458a08c8078023eb20604421d2d09cfca2d
SHA512

d31a4a5c5a4e1ee72935d8a0ff25aebe56c770f538df814faabc6c74e6a2bd2cec9cec190ed007d4ba23b975a20d8a43009f1d63b48822f08b733a464dd38826
SSDEEP

49152:Ezb1pENOTfnkmvx3pDKIzWik7JsbRFJgYcKuzZ0f+4dWFzI0gf:4E0bJ9Kak7qbRFJmWf+46hgf

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1620	1ace4b958ac6f3556c5ad0e44405d306.exe

Executes dropped EXE 1 IoCs

pid	Process
1620	1ace4b958ac6f3556c5ad0e44405d306.exe

Loads dropped DLL 1 IoCs

pid	Process
1704	1ace4b958ac6f3556c5ad0e44405d306.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1704-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/1620-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/1704-15-0x0000000003770000-0x0000000003C5F000-memory.dmp	upx
behavioral1/files/0x0009000000012281-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1704	1ace4b958ac6f3556c5ad0e44405d306.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1704	1ace4b958ac6f3556c5ad0e44405d306.exe
1620	1ace4b958ac6f3556c5ad0e44405d306.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 1620	1704	1ace4b958ac6f3556c5ad0e44405d306.exe	20
PID 1704 wrote to memory of 1620	1704	1ace4b958ac6f3556c5ad0e44405d306.exe	20
PID 1704 wrote to memory of 1620	1704	1ace4b958ac6f3556c5ad0e44405d306.exe	20
PID 1704 wrote to memory of 1620	1704	1ace4b958ac6f3556c5ad0e44405d306.exe	20

C:\Users\Admin\AppData\Local\Temp\1ace4b958ac6f3556c5ad0e44405d306.exe
"C:\Users\Admin\AppData\Local\Temp\1ace4b958ac6f3556c5ad0e44405d306.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Users\Admin\AppData\Local\Temp\1ace4b958ac6f3556c5ad0e44405d306.exe
  C:\Users\Admin\AppData\Local\Temp\1ace4b958ac6f3556c5ad0e44405d306.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1ace4b958ac6f3556c5ad0e44405d306.exe

Filesize
92KB

MD5
6d15660b9be2c0964a30ead501ea8e2d

SHA1
8bb637defdcfa7ebb11899711a77aa98413bf255

SHA256
f8297a50800615d6ff975ddc668fd4305a38e2b0826f52ceed4723e4af75e4ba

SHA512
6f790067fdb572dc70deba13553a8ca1a625cda72e164dda292d5febbf839ca6fb3af2c754b37f00dd696db1d9b59a67bb53a64e010c97a301b54ff0b18bbcd3

Download Submit
memory/1620-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1620-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1620-25-0x0000000003540000-0x000000000376A000-memory.dmp

Filesize
2.2MB

Download
memory/1620-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1620-18-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/1620-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1704-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1704-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1704-15-0x0000000003770000-0x0000000003C5F000-memory.dmp

Filesize
4.9MB

Download
memory/1704-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1704-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1704-31-0x0000000003770000-0x0000000003C5F000-memory.dmp

Filesize
4.9MB

Download