579f0bd248dcfaf324ec05cc6d5f769bf1a727e518e76d6faf2b3f7d5d15dd3f

Analysis

max time kernel
118s
max time network
160s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 14:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b72984918b4ab828140a10836f41601.exe
Size

1.3MB
MD5

1b72984918b4ab828140a10836f41601
SHA1

d27983bdefb308c1345ccb1340e5d93899925f11
SHA256

579f0bd248dcfaf324ec05cc6d5f769bf1a727e518e76d6faf2b3f7d5d15dd3f
SHA512

66fd519ffa4eb18a93c70ecf78375fa6035bb2768ce169bb9527b1bcd7a408d487e3772091b86227ade812fffbc15ac6e36a028845594187d4a14193e813117a
SSDEEP

24576:kyGtkNQFoYk9wdxhPkgfJBawcZeObGx/QyEPlpQ9Orb47GCvG:k1mQFRk9QbJ1cG58Q9ib47

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1184	1b72984918b4ab828140a10836f41601.exe

Executes dropped EXE 1 IoCs

pid	Process
1184	1b72984918b4ab828140a10836f41601.exe

Loads dropped DLL 1 IoCs

pid	Process
2804	1b72984918b4ab828140a10836f41601.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2804-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x0008000000012266-11.dat	upx
behavioral1/memory/1184-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x0008000000012266-16.dat	upx
behavioral1/memory/2804-14-0x0000000003660000-0x0000000003ACA000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2804	1b72984918b4ab828140a10836f41601.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2804	1b72984918b4ab828140a10836f41601.exe
1184	1b72984918b4ab828140a10836f41601.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2804 wrote to memory of 1184	2804	1b72984918b4ab828140a10836f41601.exe	27
PID 2804 wrote to memory of 1184	2804	1b72984918b4ab828140a10836f41601.exe	27
PID 2804 wrote to memory of 1184	2804	1b72984918b4ab828140a10836f41601.exe	27
PID 2804 wrote to memory of 1184	2804	1b72984918b4ab828140a10836f41601.exe	27

C:\Users\Admin\AppData\Local\Temp\1b72984918b4ab828140a10836f41601.exe
"C:\Users\Admin\AppData\Local\Temp\1b72984918b4ab828140a10836f41601.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2804
- C:\Users\Admin\AppData\Local\Temp\1b72984918b4ab828140a10836f41601.exe
  C:\Users\Admin\AppData\Local\Temp\1b72984918b4ab828140a10836f41601.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1b72984918b4ab828140a10836f41601.exe

Filesize
955KB

MD5
1ec12c9f0898f21bf3e1c08fddbdd926

SHA1
7f2e6c20ad1a0ff8ea2df5452b04d3d729e487ec

SHA256
a31637e51567000d9048719fbfe62fe8b005a5239171eb245f6be467c232bce4

SHA512
53eb3bb68dd53978ed34661849854aa067a9965193977a5942172cd6879ce0502d01bbaf7bd0fa5a02504630d077885b79d53699325c910cf04a0a17a8a6809a

Download Submit
\Users\Admin\AppData\Local\Temp\1b72984918b4ab828140a10836f41601.exe

Filesize
772KB

MD5
911256a03eb1229cc8452054766054ab

SHA1
a6b1f7349a126b3fe9666ddbb942dc80a78e73e4

SHA256
5d745f184af44336f54b3a5f327f1439c732c4f72b15fd54f9c261aa342e453d

SHA512
6da7743a50af8d5e8babb2b7a3c8f412e3f8557bbbb1fbf8f1d747a6944d374e1a6af98cf99734746ee6e6aa45eb3bf92ef9bd7d3c9ea48a9ee939e790793bf7

Download Submit
memory/1184-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1184-19-0x0000000000130000-0x0000000000242000-memory.dmp

Filesize
1.1MB

Download
memory/1184-18-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1184-26-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2804-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2804-1-0x0000000000240000-0x0000000000352000-memory.dmp

Filesize
1.1MB

Download
memory/2804-2-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2804-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2804-14-0x0000000003660000-0x0000000003ACA000-memory.dmp

Filesize
4.4MB

Download