c91188bc71fed59d5655e11d09ba9bca1000e1a44a830a738c82a4d6e3a91d9e

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 00:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

213bcb1d140e4d885e7ece1f65bdebec.exe
Size

1.3MB
MD5

213bcb1d140e4d885e7ece1f65bdebec
SHA1

7a4492f0cc5390aaa830e0c2c04c16be72655fff
SHA256

c91188bc71fed59d5655e11d09ba9bca1000e1a44a830a738c82a4d6e3a91d9e
SHA512

a261d80903576130da32945889485f13cd6379cb9a692e80fdeaaf05eccc46a169ac9801cd347e7016c3fccac8411760c8d4534eb27bd484bee7670299d921c5
SSDEEP

24576:+0WpaToS8jGovP3SMQXS/fODFfJ3XfsjlVbV74zoVObE5vG:Ca836AntCF1P6Vb2y

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2412	213bcb1d140e4d885e7ece1f65bdebec.exe

Executes dropped EXE 1 IoCs

pid	Process
2412	213bcb1d140e4d885e7ece1f65bdebec.exe

Loads dropped DLL 1 IoCs

pid	Process
1992	213bcb1d140e4d885e7ece1f65bdebec.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000c000000012327-11.dat	upx
behavioral1/files/0x000c000000012327-14.dat	upx
behavioral1/memory/1992-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1992	213bcb1d140e4d885e7ece1f65bdebec.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1992	213bcb1d140e4d885e7ece1f65bdebec.exe
2412	213bcb1d140e4d885e7ece1f65bdebec.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2412	1992	213bcb1d140e4d885e7ece1f65bdebec.exe	17
PID 1992 wrote to memory of 2412	1992	213bcb1d140e4d885e7ece1f65bdebec.exe	17
PID 1992 wrote to memory of 2412	1992	213bcb1d140e4d885e7ece1f65bdebec.exe	17
PID 1992 wrote to memory of 2412	1992	213bcb1d140e4d885e7ece1f65bdebec.exe	17

C:\Users\Admin\AppData\Local\Temp\213bcb1d140e4d885e7ece1f65bdebec.exe
"C:\Users\Admin\AppData\Local\Temp\213bcb1d140e4d885e7ece1f65bdebec.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Users\Admin\AppData\Local\Temp\213bcb1d140e4d885e7ece1f65bdebec.exe
  C:\Users\Admin\AppData\Local\Temp\213bcb1d140e4d885e7ece1f65bdebec.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\213bcb1d140e4d885e7ece1f65bdebec.exe

Filesize
74KB

MD5
1529ee0230824e38414fd21353f9dbae

SHA1
f30c63f4851393baf62ebc805620dc633482cc63

SHA256
9bc5b98a2f9c52c44f83a99974f929f173c9c6763aabb93a3a7c768aac01d620

SHA512
d7b04631ce3b8fcb84cf912b2c96f620281e89b622b10d44bc311c29fd57d156ecef0e704da8fa013f80df57543fbb168d5819a97f1c11d860983c5b86d4babd

Download Submit
\Users\Admin\AppData\Local\Temp\213bcb1d140e4d885e7ece1f65bdebec.exe

Filesize
296KB

MD5
a0d7cbf4057a1663b0ddbdd24447ce07

SHA1
195facb53fcfc90cb09791838346c81598186358

SHA256
83900f122bcb21e0e3e7d86fd9a195d8b294351ab9ee41c013d71792978ce75c

SHA512
35e380f7c13341cf8f6d38e615a368e4dedebfe515621ed0eaa14e96276ee11150f019a28a36c6d19f243151c6f7da43946790f5dfa04ffe93b9391820a5edcd

Download Submit
memory/1992-2-0x0000000000240000-0x0000000000352000-memory.dmp

Filesize
1.1MB

Download
memory/1992-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1992-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1992-16-0x00000000034D0000-0x000000000393A000-memory.dmp

Filesize
4.4MB

Download
memory/1992-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2412-20-0x0000000000130000-0x0000000000242000-memory.dmp

Filesize
1.1MB

Download
memory/2412-18-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2412-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2412-26-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download