59ac90a6dc080a804c53811710a5aad558a14ea4156ef6ba08e23d6c239b68b5

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 03:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26631b257344e32937a0242d485b94aa.exe
Size

5.8MB
MD5

26631b257344e32937a0242d485b94aa
SHA1

2a489d1ead79877344c1b0bb81e2b85eccb73a01
SHA256

59ac90a6dc080a804c53811710a5aad558a14ea4156ef6ba08e23d6c239b68b5
SHA512

60bc70538d3b28f9e72938826a343a35e0555bc7fd5ec0e98849f67b252222ebec7a1be47fc47471648f8f9b013456f888b577ca014fbf967f15add5ff2e6dde
SSDEEP

98304:zHXLQiEUXaeHau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCjMPkNwk6:z38ijXPauq1jI86FA7y2auq1jI86

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1740	26631b257344e32937a0242d485b94aa.exe

Executes dropped EXE 1 IoCs

pid	Process
1740	26631b257344e32937a0242d485b94aa.exe

Loads dropped DLL 1 IoCs

pid	Process
2848	26631b257344e32937a0242d485b94aa.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2848-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000d000000012262-10.dat	upx
behavioral1/files/0x000d000000012262-15.dat	upx
behavioral1/memory/1740-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2848	26631b257344e32937a0242d485b94aa.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2848	26631b257344e32937a0242d485b94aa.exe
1740	26631b257344e32937a0242d485b94aa.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 1740	2848	26631b257344e32937a0242d485b94aa.exe	28
PID 2848 wrote to memory of 1740	2848	26631b257344e32937a0242d485b94aa.exe	28
PID 2848 wrote to memory of 1740	2848	26631b257344e32937a0242d485b94aa.exe	28
PID 2848 wrote to memory of 1740	2848	26631b257344e32937a0242d485b94aa.exe	28

C:\Users\Admin\AppData\Local\Temp\26631b257344e32937a0242d485b94aa.exe
"C:\Users\Admin\AppData\Local\Temp\26631b257344e32937a0242d485b94aa.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Users\Admin\AppData\Local\Temp\26631b257344e32937a0242d485b94aa.exe
  C:\Users\Admin\AppData\Local\Temp\26631b257344e32937a0242d485b94aa.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\26631b257344e32937a0242d485b94aa.exe

Filesize
159KB

MD5
b03633ff15bddd66fadcc496364879ec

SHA1
8a891be06a345b0a21f6a241626d004611cf5c20

SHA256
1c9be0f7e329c58bafc52cab83c043622ec04dd37df4c58c3dff5e3c3d87da11

SHA512
20b9c2d750157ec95d831c8ffc1cee8a6a92eeb697bcd2334cebf3952d59ee6f639647e0260b580c1a38c2f6488497382fa17a45c1eb2dae6e481ac7b7196a24

Download Submit
\Users\Admin\AppData\Local\Temp\26631b257344e32937a0242d485b94aa.exe

Filesize
265KB

MD5
fe9cd4f171ed75c9a733c0b40d866b30

SHA1
08bd3bfec224da82284a8a7e0fe119c0d7df5fa9

SHA256
07cc464605e0001d38abeaa15a3276e9cf59e9f7f5946bdced0594079ff4601c

SHA512
97bb713afa2095954e7ccbfcef73bf2b6176073c50c2b443f76cd9ee2063ea02de01897d238b8a024860b14aca1195ef3ed8265f9d4de1920d5a57b8f94e576a

Download Submit
memory/1740-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1740-18-0x0000000000260000-0x0000000000393000-memory.dmp

Filesize
1.2MB

Download
memory/1740-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1740-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1740-24-0x00000000034F0000-0x000000000371A000-memory.dmp

Filesize
2.2MB

Download
memory/1740-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2848-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2848-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2848-14-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/2848-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2848-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2848-31-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download