0c0dea6dd0c7cbfdf19b3b238c74bc871cf56c7f171c7d85973500cb9ebe1e53

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 00:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21ff8171a6e7cd1d0314b60bdda4577d.exe
Size

2.9MB
MD5

21ff8171a6e7cd1d0314b60bdda4577d
SHA1

da72f0b20c5670e9c63c5d30db2b10c8f6f3b51d
SHA256

0c0dea6dd0c7cbfdf19b3b238c74bc871cf56c7f171c7d85973500cb9ebe1e53
SHA512

1885d428d250307045ca7e9cf03707315da10cef99620e29b5cc46b31c9e71d304d45b8ce7a535b6add3c5b7076a1b4cf93080ff510f579bf1eb199f5a36ea06
SSDEEP

49152:9NbBriILheT4DcW9wpN74NH5HUyNRcUsCVOzetdZJ:dpw4Ibp4HBUCczzM3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2104	21ff8171a6e7cd1d0314b60bdda4577d.exe

Executes dropped EXE 1 IoCs

pid	Process
2104	21ff8171a6e7cd1d0314b60bdda4577d.exe

Loads dropped DLL 1 IoCs

pid	Process
292	21ff8171a6e7cd1d0314b60bdda4577d.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/292-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x00090000000122c9-13.dat	upx
behavioral1/files/0x00090000000122c9-12.dat	upx
behavioral1/files/0x00090000000122c9-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
292	21ff8171a6e7cd1d0314b60bdda4577d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
292	21ff8171a6e7cd1d0314b60bdda4577d.exe
2104	21ff8171a6e7cd1d0314b60bdda4577d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 292 wrote to memory of 2104	292	21ff8171a6e7cd1d0314b60bdda4577d.exe	28
PID 292 wrote to memory of 2104	292	21ff8171a6e7cd1d0314b60bdda4577d.exe	28
PID 292 wrote to memory of 2104	292	21ff8171a6e7cd1d0314b60bdda4577d.exe	28
PID 292 wrote to memory of 2104	292	21ff8171a6e7cd1d0314b60bdda4577d.exe	28

C:\Users\Admin\AppData\Local\Temp\21ff8171a6e7cd1d0314b60bdda4577d.exe
"C:\Users\Admin\AppData\Local\Temp\21ff8171a6e7cd1d0314b60bdda4577d.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:292
- C:\Users\Admin\AppData\Local\Temp\21ff8171a6e7cd1d0314b60bdda4577d.exe
  C:\Users\Admin\AppData\Local\Temp\21ff8171a6e7cd1d0314b60bdda4577d.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\21ff8171a6e7cd1d0314b60bdda4577d.exe

Filesize
1.3MB

MD5
ed05d7fd55a82d9d88fa967ab168ca32

SHA1
c9e8b0cd94f0c9bc0fcb6f6e79c30127b664c5fe

SHA256
a48479a537372617588dc77222ca0feadf8e4375b4b6acb7dbbe72412d3b8661

SHA512
c6a69de853dcd4fa9c02f2ed4da1dc5fdca053b8ff6c78380e484eb24369d891a249c8b00e4ae4c5cf6cf54b88ff7b2a1c8f23141a65e20a336aba26158d9ecd

Download Submit
C:\Users\Admin\AppData\Local\Temp\21ff8171a6e7cd1d0314b60bdda4577d.exe

Filesize
98KB

MD5
07e5bd1985cfffeeb50eb422e70e5184

SHA1
eb0d3512c8e92339b77b67dbaebcdab84773e667

SHA256
d54b08c9fb5539586e6b6b45d6b6d5bf4416bb232459b4b486d5a3ebb5fc894f

SHA512
8843cc0f1b59784011e0b0a4cdef55d9fb7975fcc1864ca8ea7e9e31908c8dcb15d394b76b5214876c1840e094d76dbfdab8279a771e4d7ca681ee1e15c6a3c8

Download Submit
\Users\Admin\AppData\Local\Temp\21ff8171a6e7cd1d0314b60bdda4577d.exe

Filesize
2.9MB

MD5
5800165e3e11df1ac8dfa6cabef3c913

SHA1
5474969dfbff6c04dffb8aea9f421f8c7d843934

SHA256
f3ffe2c749cbca139e2bc841553a67c3d820279a3351a8b4b42d91c4ea8ff511

SHA512
fb1f4024d813ae5e309a2eee853e611bbb3df810355d556bc33040e1ada2f45f072fab29577e5f6a6ad7ffa56338341abf170c68ff10e2980c18cabb85f2075b

Download Submit
memory/292-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/292-2-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/292-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/292-15-0x0000000003970000-0x0000000003E5F000-memory.dmp

Filesize
4.9MB

Download
memory/292-31-0x0000000003970000-0x0000000003E5F000-memory.dmp

Filesize
4.9MB

Download
memory/292-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2104-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2104-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2104-19-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/2104-26-0x00000000032D0000-0x00000000034FA000-memory.dmp

Filesize
2.2MB

Download
memory/2104-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2104-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download