001a5adf4e857d831d43681192450372f610f71870dbd72b872f03e59f07f038

Analysis

max time kernel
122s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 00:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

215e4ec107f9be551d240e47fee94bea.exe
Size

1010KB
MD5

215e4ec107f9be551d240e47fee94bea
SHA1

d83ae3ea62dd913a43be6033cef7af3465d33b39
SHA256

001a5adf4e857d831d43681192450372f610f71870dbd72b872f03e59f07f038
SHA512

59e4b2b810c7b340375c91d4278a79847cef3a5b86c5af4ad1ea1764b36a44d2ffc82574a24266e6500a007f05366ba49262d79cecd09eabc28d5d46bdf08728
SSDEEP

12288:CsLnwMYOlojVYGenIORjPwvMYTfmeTM1XKNczfMcJ9dCYTfm:SqQPmIOLmfBTWX8d4Cmf

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2732	215e4ec107f9be551d240e47fee94bea.exe

Executes dropped EXE 1 IoCs

pid	Process
2732	215e4ec107f9be551d240e47fee94bea.exe

Loads dropped DLL 1 IoCs

pid	Process
2460	215e4ec107f9be551d240e47fee94bea.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2460-0-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral1/files/0x0008000000012263-10.dat	upx
behavioral1/files/0x0008000000012263-12.dat	upx
behavioral1/memory/2460-16-0x0000000002DC0000-0x0000000002EB1000-memory.dmp	upx
behavioral1/files/0x0008000000012263-15.dat	upx
behavioral1/memory/2732-17-0x0000000000400000-0x00000000004F1000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2460	215e4ec107f9be551d240e47fee94bea.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2460	215e4ec107f9be551d240e47fee94bea.exe
2732	215e4ec107f9be551d240e47fee94bea.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2732	2460	215e4ec107f9be551d240e47fee94bea.exe	30
PID 2460 wrote to memory of 2732	2460	215e4ec107f9be551d240e47fee94bea.exe	30
PID 2460 wrote to memory of 2732	2460	215e4ec107f9be551d240e47fee94bea.exe	30
PID 2460 wrote to memory of 2732	2460	215e4ec107f9be551d240e47fee94bea.exe	30

C:\Users\Admin\AppData\Local\Temp\215e4ec107f9be551d240e47fee94bea.exe
"C:\Users\Admin\AppData\Local\Temp\215e4ec107f9be551d240e47fee94bea.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Users\Admin\AppData\Local\Temp\215e4ec107f9be551d240e47fee94bea.exe
  C:\Users\Admin\AppData\Local\Temp\215e4ec107f9be551d240e47fee94bea.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\215e4ec107f9be551d240e47fee94bea.exe

Filesize
957KB

MD5
5fc3721282263f8ebf4c03413e88b420

SHA1
d66d36bca2fcb2aa25a35842366be2d8da25838a

SHA256
3e5dee7e8d55fd2c3b0ce9df35190539ba94237653e50effafac5225e5b05531

SHA512
a96fa7933617de9c83b91b57e9853f46f63a9999795e37ae8de95a33cb561c6fdaa20e1bcc76e6092fae9e2aece1a44dead9b9d06f72b5e78492384d3d962218

Download Submit
C:\Users\Admin\AppData\Local\Temp\215e4ec107f9be551d240e47fee94bea.exe

Filesize
1010KB

MD5
3ee4e3788b75f903925b57b782330332

SHA1
3b985369c97ecff6ba6cd988e66d251d3946b58b

SHA256
d197b837816596386206cdb0730bd0e54e375f764032c3ffa7dbd13912f4be9d

SHA512
81c6541e8cb5709d78d0fe062f572aff6ee8ccaf5c31fd1a1849ab843af7df14c1a557c9297282ced2f552d9ac5c6072d1e37d672752cf93ff2b1227880f1d05

Download Submit
\Users\Admin\AppData\Local\Temp\215e4ec107f9be551d240e47fee94bea.exe

Filesize
896KB

MD5
5ff62922443d1fccef32fdec925826f1

SHA1
ee0edd37d5b1673c1fb0d73f9905ebdf7b39b66d

SHA256
053ae2c25d83e77610aa1c8bd71b12a31adceeb0a54f713852e3c209f6c8ce30

SHA512
748807f6e150eac25998f80d8d30741c2dc697a0bf79d1cabeee171d6350d60e24507ac2f7e20f2622e6d899a6cf7990ac5aa53eabb7224088496d04ed60d9c5

Download Submit
memory/2460-16-0x0000000002DC0000-0x0000000002EB1000-memory.dmp

Filesize
964KB

Download
memory/2460-14-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2460-1-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2460-0-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2460-3-0x0000000000170000-0x00000000001A3000-memory.dmp

Filesize
204KB

Download
memory/2460-31-0x0000000002DC0000-0x0000000002EB1000-memory.dmp

Filesize
964KB

Download
memory/2732-18-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2732-17-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2732-19-0x0000000000170000-0x00000000001A3000-memory.dmp

Filesize
204KB

Download
memory/2732-25-0x00000000002A0000-0x00000000002F0000-memory.dmp

Filesize
320KB

Download
memory/2732-24-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2732-32-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download