af6f33bb41e3170223a6d7c3889cd383ea3670ecac2aa3a9cbab9e8110c2a53b

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 02:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

257a3280cad5a5a9555f942002845348.exe
Size

5.8MB
MD5

257a3280cad5a5a9555f942002845348
SHA1

1637db21e7134b80d0f6c59eb6d5d2beef3488eb
SHA256

af6f33bb41e3170223a6d7c3889cd383ea3670ecac2aa3a9cbab9e8110c2a53b
SHA512

9268bf20e7d960f0445a757d0717fea7a4821bf348819250cf3dfb4f5dd43e0b36c61c070694bdf10090c419e48dec1513d3764be3e17a1ddde967f1e2f9afe6
SSDEEP

98304:azNiLzloql4HBUCczzM3NBHwpoD4IfkIg4HBUCczzM3:ahivlveWCRSpoxnWC

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2300	257a3280cad5a5a9555f942002845348.exe

Executes dropped EXE 1 IoCs

pid	Process
2300	257a3280cad5a5a9555f942002845348.exe

Loads dropped DLL 1 IoCs

pid	Process
2560	257a3280cad5a5a9555f942002845348.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2560-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c000000012251-15.dat	upx
behavioral1/files/0x000c000000012251-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2560	257a3280cad5a5a9555f942002845348.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2560	257a3280cad5a5a9555f942002845348.exe
2300	257a3280cad5a5a9555f942002845348.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2560 wrote to memory of 2300	2560	257a3280cad5a5a9555f942002845348.exe	28
PID 2560 wrote to memory of 2300	2560	257a3280cad5a5a9555f942002845348.exe	28
PID 2560 wrote to memory of 2300	2560	257a3280cad5a5a9555f942002845348.exe	28
PID 2560 wrote to memory of 2300	2560	257a3280cad5a5a9555f942002845348.exe	28

C:\Users\Admin\AppData\Local\Temp\257a3280cad5a5a9555f942002845348.exe
"C:\Users\Admin\AppData\Local\Temp\257a3280cad5a5a9555f942002845348.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2560
- C:\Users\Admin\AppData\Local\Temp\257a3280cad5a5a9555f942002845348.exe
  C:\Users\Admin\AppData\Local\Temp\257a3280cad5a5a9555f942002845348.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\257a3280cad5a5a9555f942002845348.exe

Filesize
649KB

MD5
e60a58052c74b04097dd4f6259553e33

SHA1
23e8bced1db1d410f33a4a89880c6cc4dc4f17ad

SHA256
a8498389703c078767619cc26efb576bbc7feaf627d9664de339e9ebf4b4d9e8

SHA512
0dad689e35253dfd2e4e7a906d5db7c608de790dfdea003c8ef89c1ab1d5d9ab2fe03e0d1c6bbc72e38f2dac6028c739e386b9d67821ecd1f8fdeb0092ac2e9d

Download Submit
\Users\Admin\AppData\Local\Temp\257a3280cad5a5a9555f942002845348.exe

Filesize
860KB

MD5
78948918f467959bfde6f3491cb29dde

SHA1
5b75963b9aea5de752cb8749483d676f95792454

SHA256
ad8779133783e1ee438940777ad74366a5e162bea78da0239961821402a356a8

SHA512
208c2a46a2695ee7a5aa0cc3fecc5a30373f2f5277a211b78ad3f8d0c4f3880a7d203f85608b5658e651388bf4c7a0844559bbe976cdd8251edb1aff1a35a679

Download Submit
memory/2300-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2300-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2300-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2300-25-0x0000000003700000-0x000000000392A000-memory.dmp

Filesize
2.2MB

Download
memory/2300-20-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2300-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2560-14-0x0000000003DC0000-0x00000000042AF000-memory.dmp

Filesize
4.9MB

Download
memory/2560-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2560-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2560-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2560-2-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2560-31-0x0000000003DC0000-0x00000000042AF000-memory.dmp

Filesize
4.9MB

Download