02236c199aef0eb74f2131038a2e22d17d46be9fb57c0f3733b2571d44fffd39

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 00:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21df7b89e709cb3f8d3dec426de9db49.exe
Size

1.3MB
MD5

21df7b89e709cb3f8d3dec426de9db49
SHA1

646cf7f0366f2dbc7c49594420772f9bd7f7ea05
SHA256

02236c199aef0eb74f2131038a2e22d17d46be9fb57c0f3733b2571d44fffd39
SHA512

a217184c9a94a7dffa9f02e64f6ca537c9f6324a6bdca982a5c38531b1a36c6047c9c5ef47069bd3c556d903eebab23325b64b9cae05825fefee2afddeb82ad6
SSDEEP

24576:vQJ45dmKJXUkQMaaNZxU2D8JWkjJMZ2nCSXuZ7XXoV5diuRucdkgWc:UodLBEa7C22zJMZwvuZEBiuRuwvp

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2732	21df7b89e709cb3f8d3dec426de9db49.exe

Executes dropped EXE 1 IoCs

pid	Process
2732	21df7b89e709cb3f8d3dec426de9db49.exe

Loads dropped DLL 1 IoCs

pid	Process
624	21df7b89e709cb3f8d3dec426de9db49.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/624-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012261-10.dat	upx
behavioral1/files/0x000b000000012261-15.dat	upx
behavioral1/memory/2732-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/624-14-0x00000000034D0000-0x00000000039BF000-memory.dmp	upx
behavioral1/files/0x000b000000012261-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
624	21df7b89e709cb3f8d3dec426de9db49.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
624	21df7b89e709cb3f8d3dec426de9db49.exe
2732	21df7b89e709cb3f8d3dec426de9db49.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 624 wrote to memory of 2732	624	21df7b89e709cb3f8d3dec426de9db49.exe	28
PID 624 wrote to memory of 2732	624	21df7b89e709cb3f8d3dec426de9db49.exe	28
PID 624 wrote to memory of 2732	624	21df7b89e709cb3f8d3dec426de9db49.exe	28
PID 624 wrote to memory of 2732	624	21df7b89e709cb3f8d3dec426de9db49.exe	28

C:\Users\Admin\AppData\Local\Temp\21df7b89e709cb3f8d3dec426de9db49.exe
"C:\Users\Admin\AppData\Local\Temp\21df7b89e709cb3f8d3dec426de9db49.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:624
- C:\Users\Admin\AppData\Local\Temp\21df7b89e709cb3f8d3dec426de9db49.exe
  C:\Users\Admin\AppData\Local\Temp\21df7b89e709cb3f8d3dec426de9db49.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\21df7b89e709cb3f8d3dec426de9db49.exe

Filesize
980KB

MD5
32ad738f7117ef0ccd87e99d52e30415

SHA1
d86a12d2bd57b972faeaf2cb24dcbff220412492

SHA256
fc1e316aa31ccf651341e4a4b2300282114dbfc39af591c31531a2119c8f0d06

SHA512
75892d6befe5d6d1d0cf5d6f780a1a97a42a1c436e30ec5ec953728f65ebb32d94c08d6027220bd9193c86aac822bf3817545e73dce899eda43edb39e63d3144

Download Submit
C:\Users\Admin\AppData\Local\Temp\21df7b89e709cb3f8d3dec426de9db49.exe

Filesize
576KB

MD5
4b3fd9429d6b030225bb8b91d42395e1

SHA1
55ba39fcf46368778e14808769c9c699721e9401

SHA256
44e4a48c9cc1da3438eb108e0e0a51f26ece0857e1d8c953ae2051e39bf9c3d1

SHA512
bdde7e96ee48ac18daa76443959b142949ead26d830db237a1b3f9461f5f57205e82828710e9de67875b93077e9cef34684e266726a978a6a5368b593ee6dade

Download Submit
\Users\Admin\AppData\Local\Temp\21df7b89e709cb3f8d3dec426de9db49.exe

Filesize
1.3MB

MD5
5e5ed1028375c13a3b159f7f6128dfac

SHA1
3ba5444973f64d94afdfd16e9aad1eafe436f5fc

SHA256
432b38f86ba293b8237b2f9643869f30297cfe6450662a3f033ad6253cf797ee

SHA512
340859137b256c8689c596b488a104536d1ad8b0057dffb9efc2bc00f6ac479f2368bea89e46ef1d177dc8b32e7d280da731c48914f4d44cd9bc55696934d631

Download Submit
memory/624-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/624-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/624-14-0x00000000034D0000-0x00000000039BF000-memory.dmp

Filesize
4.9MB

Download
memory/624-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/624-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/624-31-0x00000000034D0000-0x00000000039BF000-memory.dmp

Filesize
4.9MB

Download
memory/2732-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2732-19-0x00000000002A0000-0x00000000003D3000-memory.dmp

Filesize
1.2MB

Download
memory/2732-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2732-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2732-24-0x0000000003530000-0x000000000375A000-memory.dmp

Filesize
2.2MB

Download
memory/2732-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download