a219618e67d113573c5d3d2638705f670415ba28ea8508e1fec029a2a877df2c

Analysis

max time kernel
121s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 00:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2112644c978fa5f73525fc9cc109de54.exe
Size

1.3MB
MD5

2112644c978fa5f73525fc9cc109de54
SHA1

9574740174a1f1d51e3ba7138f44f9badbb0b7a5
SHA256

a219618e67d113573c5d3d2638705f670415ba28ea8508e1fec029a2a877df2c
SHA512

22bee2905fff68af011223bdf8a64d2b3f30c359ff46bebbba0d1fdbd60b8b132a0f03079d7982b8a804451f079901a95d9f646b2d3dc0618f073c76f4cf6639
SSDEEP

24576:ovDm8UhABGFhs7VgcL3UalJRpbO6bpqcl0F6hJivNEshWc:ovDu9FhNAX/RpC6bpqLUhMhp

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2976	2112644c978fa5f73525fc9cc109de54.exe

Executes dropped EXE 1 IoCs

pid	Process
2976	2112644c978fa5f73525fc9cc109de54.exe

Loads dropped DLL 1 IoCs

pid	Process
1816	2112644c978fa5f73525fc9cc109de54.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1816-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a00000001225b-10.dat	upx
behavioral1/memory/1816-15-0x00000000034D0000-0x00000000039BF000-memory.dmp	upx
behavioral1/files/0x000a00000001225b-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1816	2112644c978fa5f73525fc9cc109de54.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1816	2112644c978fa5f73525fc9cc109de54.exe
2976	2112644c978fa5f73525fc9cc109de54.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1816 wrote to memory of 2976	1816	2112644c978fa5f73525fc9cc109de54.exe	26
PID 1816 wrote to memory of 2976	1816	2112644c978fa5f73525fc9cc109de54.exe	26
PID 1816 wrote to memory of 2976	1816	2112644c978fa5f73525fc9cc109de54.exe	26
PID 1816 wrote to memory of 2976	1816	2112644c978fa5f73525fc9cc109de54.exe	26

C:\Users\Admin\AppData\Local\Temp\2112644c978fa5f73525fc9cc109de54.exe
"C:\Users\Admin\AppData\Local\Temp\2112644c978fa5f73525fc9cc109de54.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1816
- C:\Users\Admin\AppData\Local\Temp\2112644c978fa5f73525fc9cc109de54.exe
  C:\Users\Admin\AppData\Local\Temp\2112644c978fa5f73525fc9cc109de54.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2112644c978fa5f73525fc9cc109de54.exe

Filesize
39KB

MD5
9ba5b600421646fbc255e477d5fe71e3

SHA1
0d258fbcb4ee9d3aefc39980a9e9bc82d29c93aa

SHA256
fac0a85c13b1c3d58739efb0917e78fc32fb1ff745c20080c4184f175745cb7c

SHA512
6fc4512481d878fe8df2da777d5164dacd9def051e0aa783fc7138af61a1bb19021cd2f6cb1a2cf44a6fbd98e340a3960ed26fb912b60966e2a395ac0f9f5dd8

Download Submit
\Users\Admin\AppData\Local\Temp\2112644c978fa5f73525fc9cc109de54.exe

Filesize
158KB

MD5
8a239975086e3eeb7c0ed4c8dbf2e3f6

SHA1
04abcd5fbadc97c0df90e93575778ce3e9d9bb69

SHA256
e9235dbc424b9a54c7cb23b42d138f083735465bbb77a8ed89065be37bae7d77

SHA512
ef1c60afdf98bb3018f9c4827e52abdbe39617f688b3f623e74f46a66752a4a4f652addd82885857dc81894fe87dab8acbeb3ef6a2cb1e29695f70b352eef7ba

Download Submit
memory/1816-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1816-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1816-15-0x00000000034D0000-0x00000000039BF000-memory.dmp

Filesize
4.9MB

Download
memory/1816-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1816-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1816-30-0x00000000034D0000-0x00000000039BF000-memory.dmp

Filesize
4.9MB

Download
memory/2976-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2976-16-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2976-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2976-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2976-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download