36f822ec79ef01d55fdfa1af3310ad568ca784023cbd1eba53ffeb815897f1a3

Analysis

max time kernel
118s
max time network
145s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2462d70108ce8871f91162212aee7f57.exe
Size

2.9MB
MD5

2462d70108ce8871f91162212aee7f57
SHA1

7974c42b2084acbe7017a04b79c688f175b1b5e1
SHA256

36f822ec79ef01d55fdfa1af3310ad568ca784023cbd1eba53ffeb815897f1a3
SHA512

d800df5b3024fefc73d6b250a0fb9c3f70a9d59e7a1da44787ac7da4b2baf3f36be6b12dcf1c939aee14438423f71978e3a4d6f1520534e509e50218d26f131e
SSDEEP

49152:4ziVIAF0Bi5llgbwWDgPE8lSCx0+ZHpY9Baj8BBT4SfcsUjoh48TyMPkXdwkyZ:ihDawbwWD+1lTrYHau42c1joCjMPkNwv

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2692	2462d70108ce8871f91162212aee7f57.exe

Executes dropped EXE 1 IoCs

pid	Process
2692	2462d70108ce8871f91162212aee7f57.exe

Loads dropped DLL 1 IoCs

pid	Process
2996	2462d70108ce8871f91162212aee7f57.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2996-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000012253-10.dat	upx
behavioral1/files/0x000a000000012253-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2996	2462d70108ce8871f91162212aee7f57.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2996	2462d70108ce8871f91162212aee7f57.exe
2692	2462d70108ce8871f91162212aee7f57.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 2692	2996	2462d70108ce8871f91162212aee7f57.exe	18
PID 2996 wrote to memory of 2692	2996	2462d70108ce8871f91162212aee7f57.exe	18
PID 2996 wrote to memory of 2692	2996	2462d70108ce8871f91162212aee7f57.exe	18
PID 2996 wrote to memory of 2692	2996	2462d70108ce8871f91162212aee7f57.exe	18

C:\Users\Admin\AppData\Local\Temp\2462d70108ce8871f91162212aee7f57.exe
"C:\Users\Admin\AppData\Local\Temp\2462d70108ce8871f91162212aee7f57.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Users\Admin\AppData\Local\Temp\2462d70108ce8871f91162212aee7f57.exe
  C:\Users\Admin\AppData\Local\Temp\2462d70108ce8871f91162212aee7f57.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2462d70108ce8871f91162212aee7f57.exe

Filesize
318KB

MD5
d96e947e1829d25dfd966c944bb96211

SHA1
e5b951cbe3b7fc449e84655439eb98369bac6d77

SHA256
72da26e91586f9348d76d9c6d69f6f0e4bc4755d4efab49b84292aceb45bd3f3

SHA512
3727873eacb719fe94b446aab52f874249a2dd6f0788cb78e49ae3b68d3a10f7abcc6a94ac1f2b3649848acdf551afeffe657fa1538d0804d8f7640e21ab2f0a

Download Submit
\Users\Admin\AppData\Local\Temp\2462d70108ce8871f91162212aee7f57.exe

Filesize
495KB

MD5
3fbf4e2b042875f7d97aa6de80bddb8d

SHA1
7c63118bcb7a8f97ee7350958def47de5f5f6929

SHA256
d01ae3d2f3e7fc0b2c898eff8a8abb57d6b373741c28a1e553722079f8ce313c

SHA512
9a3f83054ee17adb3832671af3744f03a4c19201e95f498c32147e3aef3caad7ff59a9e23585f15be0fb7227d5ae84b15bce66ba2c6546662d0961545ae9dcd3

Download Submit
memory/2692-20-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2692-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2692-18-0x0000000000230000-0x0000000000363000-memory.dmp

Filesize
1.2MB

Download
memory/2692-25-0x00000000034C0000-0x00000000036EA000-memory.dmp

Filesize
2.2MB

Download
memory/2692-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2692-33-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2996-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2996-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2996-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2996-15-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2996-1-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2996-31-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download