e5f86a7c25f225d9f4f2c02bf0d4f6c2ac24db9e05e2857fa0823566c9e9e033

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 02:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2402e11e713a49367728625f374dac9f.exe
Size

5.8MB
MD5

2402e11e713a49367728625f374dac9f
SHA1

deabc564580bd54a941ae9493f14d19dfb5f7b9c
SHA256

e5f86a7c25f225d9f4f2c02bf0d4f6c2ac24db9e05e2857fa0823566c9e9e033
SHA512

344e67d1438842bca3d05b08ec2fd17b8180fd2996d6cd7abe585bc512d8e8d5d2d48ee67d2b832c71914c68219297ef2dc722403bb7a672ebbd64c69ff1e092
SSDEEP

98304:A7jTWM4L3gg3gnl/IVUs1jePsJHgjnzn70IlNo5Q5ygg3gnl/IVUs1jePs:eTfegl/iBiPwElNGQIgl/iBiP

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2460	2402e11e713a49367728625f374dac9f.exe

Executes dropped EXE 1 IoCs

pid	Process
2460	2402e11e713a49367728625f374dac9f.exe

Loads dropped DLL 1 IoCs

pid	Process
2328	2402e11e713a49367728625f374dac9f.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2328-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/2460-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x00070000000122c4-13.dat	upx
behavioral1/files/0x00070000000122c4-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2328	2402e11e713a49367728625f374dac9f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2328	2402e11e713a49367728625f374dac9f.exe
2460	2402e11e713a49367728625f374dac9f.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 2460	2328	2402e11e713a49367728625f374dac9f.exe	18
PID 2328 wrote to memory of 2460	2328	2402e11e713a49367728625f374dac9f.exe	18
PID 2328 wrote to memory of 2460	2328	2402e11e713a49367728625f374dac9f.exe	18
PID 2328 wrote to memory of 2460	2328	2402e11e713a49367728625f374dac9f.exe	18

C:\Users\Admin\AppData\Local\Temp\2402e11e713a49367728625f374dac9f.exe
"C:\Users\Admin\AppData\Local\Temp\2402e11e713a49367728625f374dac9f.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Users\Admin\AppData\Local\Temp\2402e11e713a49367728625f374dac9f.exe
  C:\Users\Admin\AppData\Local\Temp\2402e11e713a49367728625f374dac9f.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\2402e11e713a49367728625f374dac9f.exe

Filesize
93KB

MD5
1d601083b0f6c6c0edc8d9ef80f86b34

SHA1
04f6606a9fe17aad84375f4c38a434ea393d8744

SHA256
2b74ef01e7c16344b3b48ec2572685cd9298307b5f480dd3f27ddbc15d500d9c

SHA512
4ef0ac1284d249557012c1bdba253808f398b752773a72ea5908a052356e7b4f349bcf35adea75182271c1c7a8103e81f4f1071a960f5ce39c7943198edc3347

Download Submit
memory/2328-15-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/2328-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2328-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2328-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2328-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2328-31-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/2460-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2460-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2460-26-0x0000000003430000-0x000000000365A000-memory.dmp

Filesize
2.2MB

Download
memory/2460-19-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2460-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2460-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download