ce215006ea43784164584f216df94ebff9a759479d0df87e3e6c7d4cb5a66b3d

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 02:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23b9ca18739fd576578d05cd6338cfb2.exe
Size

1.3MB
MD5

23b9ca18739fd576578d05cd6338cfb2
SHA1

2c0b26ba143db26460c08b02d76846efb66f4e11
SHA256

ce215006ea43784164584f216df94ebff9a759479d0df87e3e6c7d4cb5a66b3d
SHA512

41fb54baf5ea852f91c9417bb21d6f6f0c5b18f89cf809a1a8c452caed3bde7cbe2dead1739f9398d58af6f1dbff96f666f7db4e61f06bcc24657bbd115889ae
SSDEEP

24576:ZOlTyeRDHrFq96zyBMzaZZlusyJY2qtCWRWyyDvG:ZURDHrU96WuUZyJF+C0W3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2928	23b9ca18739fd576578d05cd6338cfb2.exe

Executes dropped EXE 1 IoCs

pid	Process
2928	23b9ca18739fd576578d05cd6338cfb2.exe

Loads dropped DLL 1 IoCs

pid	Process
1364	23b9ca18739fd576578d05cd6338cfb2.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1364-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x0009000000015b6f-14.dat	upx
behavioral1/memory/2928-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x0009000000015b6f-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1364	23b9ca18739fd576578d05cd6338cfb2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1364	23b9ca18739fd576578d05cd6338cfb2.exe
2928	23b9ca18739fd576578d05cd6338cfb2.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 2928	1364	23b9ca18739fd576578d05cd6338cfb2.exe	28
PID 1364 wrote to memory of 2928	1364	23b9ca18739fd576578d05cd6338cfb2.exe	28
PID 1364 wrote to memory of 2928	1364	23b9ca18739fd576578d05cd6338cfb2.exe	28
PID 1364 wrote to memory of 2928	1364	23b9ca18739fd576578d05cd6338cfb2.exe	28

C:\Users\Admin\AppData\Local\Temp\23b9ca18739fd576578d05cd6338cfb2.exe
"C:\Users\Admin\AppData\Local\Temp\23b9ca18739fd576578d05cd6338cfb2.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Users\Admin\AppData\Local\Temp\23b9ca18739fd576578d05cd6338cfb2.exe
  C:\Users\Admin\AppData\Local\Temp\23b9ca18739fd576578d05cd6338cfb2.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\23b9ca18739fd576578d05cd6338cfb2.exe

Filesize
382KB

MD5
e7e5ea80eda4879945e76450dd4d51fc

SHA1
8c3a23108b65e92b07d8ee20da0f9ca6179d2846

SHA256
f7ac0345a445b777b2d742d75ef459d361c3981c09f7f5130d0eadaf9994950b

SHA512
5253100178ab010f76c56786ad134ff84dad3dd4c0f6e8f4fdff238823ed76d56837934a79fb19e53cf9fb19cef45904d093e062fa0f8b6c32c89a36c2cb30ed

Download Submit
\Users\Admin\AppData\Local\Temp\23b9ca18739fd576578d05cd6338cfb2.exe

Filesize
637KB

MD5
1e2cac88251515481d457ae7971b9ea4

SHA1
ddaeab8e38e51cb14a58b4ad8eae4ff568f6cff7

SHA256
f8b576e9b263cf6cf3197c1eae6a2dd30bf787a1d0c854078d3db488b37bc3f0

SHA512
93411b76b33abed4c4c60bf93584c40119d3d57ef8914c9331180279eeb642f8ab4aecb5575d2b8af231f9814b692a957f6e3077a716554bf457f1fdc411ae87

Download Submit
memory/1364-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1364-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1364-2-0x0000000000250000-0x0000000000362000-memory.dmp

Filesize
1.1MB

Download
memory/1364-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2928-19-0x0000000000130000-0x0000000000242000-memory.dmp

Filesize
1.1MB

Download
memory/2928-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2928-16-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2928-25-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download