240e12a81fb61443db4ed62782bbb912a2276eff3bb0fdfa6ea1175b53f9b53c

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 04:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28210ad5aa59246091be6cc5d2c2166c.exe
Size

2.7MB
MD5

28210ad5aa59246091be6cc5d2c2166c
SHA1

fdd19480aa94c61aed9266bee7a496a5a361d1cd
SHA256

240e12a81fb61443db4ed62782bbb912a2276eff3bb0fdfa6ea1175b53f9b53c
SHA512

f7343ce274da00f8e645f910475eea8281a471deaa29aa979ab1c54bf51946c1399bf161d7023a14f678dd224928f7aaccc8681db8b9361622a76a711778904a
SSDEEP

49152:5wb9MNbhVYAiN85o7lxINzelykXyzvz3037qPQtlDdgXF2jgFp:5w9MhsvINzwXWL03mQPDU2kFp

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1724	28210ad5aa59246091be6cc5d2c2166c.exe

Executes dropped EXE 1 IoCs

pid	Process
1724	28210ad5aa59246091be6cc5d2c2166c.exe

Loads dropped DLL 1 IoCs

pid	Process
2324	28210ad5aa59246091be6cc5d2c2166c.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2324-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/2324-15-0x0000000003900000-0x0000000003DEF000-memory.dmp	upx
behavioral1/memory/1724-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000012243-13.dat	upx
behavioral1/files/0x000a000000012243-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2324	28210ad5aa59246091be6cc5d2c2166c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2324	28210ad5aa59246091be6cc5d2c2166c.exe
1724	28210ad5aa59246091be6cc5d2c2166c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 1724	2324	28210ad5aa59246091be6cc5d2c2166c.exe	28
PID 2324 wrote to memory of 1724	2324	28210ad5aa59246091be6cc5d2c2166c.exe	28
PID 2324 wrote to memory of 1724	2324	28210ad5aa59246091be6cc5d2c2166c.exe	28
PID 2324 wrote to memory of 1724	2324	28210ad5aa59246091be6cc5d2c2166c.exe	28

C:\Users\Admin\AppData\Local\Temp\28210ad5aa59246091be6cc5d2c2166c.exe
"C:\Users\Admin\AppData\Local\Temp\28210ad5aa59246091be6cc5d2c2166c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Users\Admin\AppData\Local\Temp\28210ad5aa59246091be6cc5d2c2166c.exe
  C:\Users\Admin\AppData\Local\Temp\28210ad5aa59246091be6cc5d2c2166c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\28210ad5aa59246091be6cc5d2c2166c.exe

Filesize
381KB

MD5
914a09f9b90b5a8755a045567e3b44e4

SHA1
b58ecca8cbfdd807169ad772fae2d872ad6252f9

SHA256
bcb494a700d44f1bc0feb9b701067f2195445c4eb4ca66818d1fa855b0d48d3b

SHA512
6cbf314268ab2f8dd489512b885922941f587b433132fcefca7d6dcc1d0fb7f69d548dbbbe53103f88ce115611415c0ee3491fdd53f248ff00454ef9d60315c6

Download Submit
\Users\Admin\AppData\Local\Temp\28210ad5aa59246091be6cc5d2c2166c.exe

Filesize
741KB

MD5
54b4ace335d646be4d019b3593a20489

SHA1
c016fb2015fba79f5ea008fcbbd62de8971975d0

SHA256
e31011a5d2cfae0b2cd78967d3082f6ecfbf90b971f1b017026accaf1faa8c8e

SHA512
30efb0f35cbde4d772370cedeb343e60fbab48b32e9961aded73c3e33f60178cd2ff7540035ebfb76e728a4cd9e2b2f63c4c07dbbbc48c83b835c8454e229272

Download Submit
memory/1724-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1724-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1724-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1724-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1724-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/1724-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2324-15-0x0000000003900000-0x0000000003DEF000-memory.dmp

Filesize
4.9MB

Download
memory/2324-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2324-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2324-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2324-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2324-31-0x0000000003900000-0x0000000003DEF000-memory.dmp

Filesize
4.9MB

Download