65a2b0760ca2ecc04c624317302ed8db9c1ec336de968f61912d7a409ada51c1

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 01:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

229c08ebe90b97138d5d5195170a565a.exe
Size

1.3MB
MD5

229c08ebe90b97138d5d5195170a565a
SHA1

49105fcc66f9f605d8c4b81b2a08b2800f27ee28
SHA256

65a2b0760ca2ecc04c624317302ed8db9c1ec336de968f61912d7a409ada51c1
SHA512

483dac60434773b3e0258286a57d3c9b75155f7e261d8b517d89ed2a00a83c6b3cfbd629d9885b5f46cea63f74a8f0a63d54c3fe411a6437271aa11a169bd141
SSDEEP

24576:6Wy0LJx8o7SnmseM0LRASplyHbi6IKdksiYEYuh2UeBD9SLm3lvvG:1LJN7SnmseM07ZKdtlEYuhTL0

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2984	229c08ebe90b97138d5d5195170a565a.exe

Executes dropped EXE 1 IoCs

pid	Process
2984	229c08ebe90b97138d5d5195170a565a.exe

Loads dropped DLL 1 IoCs

pid	Process
2916	229c08ebe90b97138d5d5195170a565a.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2916-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000a000000013a71-14.dat	upx
behavioral1/files/0x000a000000013a71-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2916	229c08ebe90b97138d5d5195170a565a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2916	229c08ebe90b97138d5d5195170a565a.exe
2984	229c08ebe90b97138d5d5195170a565a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 2984	2916	229c08ebe90b97138d5d5195170a565a.exe	28
PID 2916 wrote to memory of 2984	2916	229c08ebe90b97138d5d5195170a565a.exe	28
PID 2916 wrote to memory of 2984	2916	229c08ebe90b97138d5d5195170a565a.exe	28
PID 2916 wrote to memory of 2984	2916	229c08ebe90b97138d5d5195170a565a.exe	28

C:\Users\Admin\AppData\Local\Temp\229c08ebe90b97138d5d5195170a565a.exe
"C:\Users\Admin\AppData\Local\Temp\229c08ebe90b97138d5d5195170a565a.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Users\Admin\AppData\Local\Temp\229c08ebe90b97138d5d5195170a565a.exe
  C:\Users\Admin\AppData\Local\Temp\229c08ebe90b97138d5d5195170a565a.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\229c08ebe90b97138d5d5195170a565a.exe

Filesize
382KB

MD5
bedcd1500c566494e451e211331ba4d6

SHA1
bbaa90b1fe5fc1af235d9adffd6be61a5f1d907d

SHA256
0e547818c30820ecf53f3408ab51429b8041d20b9c700e460b257458f8a41add

SHA512
5eb261528636d7d2af639439899b24242f4076a4d63c89fa728b137b190f089898382f05e83f8ff64b44b8c607c1c8312d6cfed70f86e1805959ebbaef8b6a0f

Download Submit
\Users\Admin\AppData\Local\Temp\229c08ebe90b97138d5d5195170a565a.exe

Filesize
894KB

MD5
c98ef70e10f14fa00594ddffc52fb819

SHA1
ab753680b8ec0c0d9936c7571054056db425b717

SHA256
3cf41fb0b0e15492718979cd712ea88f77a0e8c1d7284b3b9196f833233c2ecc

SHA512
65b244f211dbed50f27bcd89c4699b41bf70716434fa77baa7ea251bfc47f69da3163de298f3985d5a5cc3d7330e3425d3de631f5d21477f9cf3a3fedc3ef744

Download Submit
memory/2916-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2916-2-0x00000000002A0000-0x00000000003B2000-memory.dmp

Filesize
1.1MB

Download
memory/2916-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2916-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2984-18-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2984-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2984-16-0x0000000000290000-0x00000000003A2000-memory.dmp

Filesize
1.1MB

Download
memory/2984-25-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download