b78a195933dec6429ed40db4653efef8f71bb2e38ad25c859f648a52baf664d6

Analysis

max time kernel
139s
max time network
140s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 00:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20ebb900d939109c2c237f8be5b28e06.exe
Size

5.3MB
MD5

20ebb900d939109c2c237f8be5b28e06
SHA1

3d7eb534e871bb2bfaee6dc1ca4bd5b789ec8bb6
SHA256

b78a195933dec6429ed40db4653efef8f71bb2e38ad25c859f648a52baf664d6
SHA512

e049bb4e646852cb9708b978e8ddc766d8175922954111a3d2a6da7caf7c0060b741ee78675be93fdae6f4194de2118250e763cb52d4e9248bcf59e3bb8b9dc0
SSDEEP

98304:0UWgM4muNBLOoHktBcwQDM2YIDULHHQNddxWMEQlgjHktBcwQDM2YIDULHt:tWg0M1zschDHIUzlgjschDHIN

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3068	20ebb900d939109c2c237f8be5b28e06.exe

Executes dropped EXE 1 IoCs

pid	Process
3068	20ebb900d939109c2c237f8be5b28e06.exe

Loads dropped DLL 1 IoCs

pid	Process
1152	20ebb900d939109c2c237f8be5b28e06.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1152-1-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/memory/1152-16-0x0000000003D50000-0x0000000004237000-memory.dmp	upx
behavioral1/files/0x000c000000012242-14.dat	upx
behavioral1/files/0x000c000000012242-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1152	20ebb900d939109c2c237f8be5b28e06.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1152	20ebb900d939109c2c237f8be5b28e06.exe
3068	20ebb900d939109c2c237f8be5b28e06.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 3068	1152	20ebb900d939109c2c237f8be5b28e06.exe	28
PID 1152 wrote to memory of 3068	1152	20ebb900d939109c2c237f8be5b28e06.exe	28
PID 1152 wrote to memory of 3068	1152	20ebb900d939109c2c237f8be5b28e06.exe	28
PID 1152 wrote to memory of 3068	1152	20ebb900d939109c2c237f8be5b28e06.exe	28

C:\Users\Admin\AppData\Local\Temp\20ebb900d939109c2c237f8be5b28e06.exe
"C:\Users\Admin\AppData\Local\Temp\20ebb900d939109c2c237f8be5b28e06.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Users\Admin\AppData\Local\Temp\20ebb900d939109c2c237f8be5b28e06.exe
  C:\Users\Admin\AppData\Local\Temp\20ebb900d939109c2c237f8be5b28e06.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\20ebb900d939109c2c237f8be5b28e06.exe

Filesize
381KB

MD5
319c1fb4efa8ca5866171aaf48a8e214

SHA1
393a3de445ced4f1550ea30e11d5de39081cedf2

SHA256
a3f21a2b689464b589db952024fdceb9be9cad5b6de62a34464cbbdcf9fbd794

SHA512
f60c164dac8ad97c29b7eed95faede499fed3716e93ca6661455b2654be646e071f957f111de33a1a36d69e770b445d2689e9473223ae3a5cb1eadb8ab8ad940

Download Submit
\Users\Admin\AppData\Local\Temp\20ebb900d939109c2c237f8be5b28e06.exe

Filesize
894KB

MD5
1e8abd8665102f9af51dea144cdba40c

SHA1
fc5a4f7f5ee913b7d7491fc763f7f9a3afd9ec66

SHA256
dd9d41925641ddea1a53230a5a9abe535f4b8f0a03d6a7df998cd9e563a30936

SHA512
4de629e2eccee1ae37a75ca12790bfe7d9f9744b84daf99ce962ab1e55e98e58d5aa6bb135210c694c3f95eb4497297274059dba30c67ca1fa1a731e49f7ee4a

Download Submit
memory/1152-3-0x0000000000230000-0x0000000000361000-memory.dmp

Filesize
1.2MB

Download
memory/1152-0-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1152-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1152-16-0x0000000003D50000-0x0000000004237000-memory.dmp

Filesize
4.9MB

Download
memory/1152-1-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3068-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/3068-21-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/3068-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3068-26-0x0000000003400000-0x0000000003622000-memory.dmp

Filesize
2.1MB

Download
memory/3068-19-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3068-31-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download