9b8aa800a19a9b8846af7ed9061922ac2c3c3c44060f7be0d8e365431e24a373

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 04:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

28673dbf0f859337332cfd4aae2bff84.exe
Size

2.7MB
MD5

28673dbf0f859337332cfd4aae2bff84
SHA1

30ce94d491027cda8035b74be7dce2e0c73c0d2b
SHA256

9b8aa800a19a9b8846af7ed9061922ac2c3c3c44060f7be0d8e365431e24a373
SHA512

d063fef80a1cbe35af705a273d12829d9a576e18a1fffca58edf60ebff96be7bb5aefcb74009f35354f4b8f12b9fa0c8e7fb2d721d40884675f56b6339905def
SSDEEP

49152:dNv5kusm5S1sEqgHKZtUnTzKyHYXhggPFDt5Lb9BknT/:dNwoS1sfgHK/svE/tx5Lb9Or

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1136	28673dbf0f859337332cfd4aae2bff84.exe

Executes dropped EXE 1 IoCs

pid	Process
1136	28673dbf0f859337332cfd4aae2bff84.exe

Loads dropped DLL 1 IoCs

pid	Process
2180	28673dbf0f859337332cfd4aae2bff84.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1136-18-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000c0000000133b0-14.dat	upx
behavioral1/files/0x000c0000000133b0-13.dat	upx
behavioral1/files/0x000c0000000133b0-11.dat	upx
behavioral1/memory/2180-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2180	28673dbf0f859337332cfd4aae2bff84.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2180	28673dbf0f859337332cfd4aae2bff84.exe
1136	28673dbf0f859337332cfd4aae2bff84.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 1136	2180	28673dbf0f859337332cfd4aae2bff84.exe	17
PID 2180 wrote to memory of 1136	2180	28673dbf0f859337332cfd4aae2bff84.exe	17
PID 2180 wrote to memory of 1136	2180	28673dbf0f859337332cfd4aae2bff84.exe	17
PID 2180 wrote to memory of 1136	2180	28673dbf0f859337332cfd4aae2bff84.exe	17

C:\Users\Admin\AppData\Local\Temp\28673dbf0f859337332cfd4aae2bff84.exe
"C:\Users\Admin\AppData\Local\Temp\28673dbf0f859337332cfd4aae2bff84.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Users\Admin\AppData\Local\Temp\28673dbf0f859337332cfd4aae2bff84.exe
  C:\Users\Admin\AppData\Local\Temp\28673dbf0f859337332cfd4aae2bff84.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\28673dbf0f859337332cfd4aae2bff84.exe

Filesize
58KB

MD5
20a471cd3631f269cb4e4693e51be832

SHA1
7bcc55f2e4246400638dd3c8c5fe07d9d5aee890

SHA256
ed9a1880a2958bb109606c8fbff4c5c23f880cfbab35ea859a75868ceeef292c

SHA512
4d09871550b1bb3172f12e8721c75fe2ea0cd1348b26f81e5d371d6f6461bc08d8baa586c45b8975378714f816908b23668bcaf28631b4aeefd75fa90f59d6c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\28673dbf0f859337332cfd4aae2bff84.exe

Filesize
29KB

MD5
4f21ab24a5dc33936050d828638951a7

SHA1
8cc0a9703de106448b3ed34f88790194c5c44c23

SHA256
7f85f8f811072d2ac31fb754bec855791e1556794870a8ad4935c773eff7e5fa

SHA512
627b80cee7f31d76b8aefdebcc7007bdfc44a0c62c7a31ac86d096b91d5e52fba1dea17ab023827a4796dd6fb379eeff3e75c8d557e6443879219e7656516100

Download Submit
\Users\Admin\AppData\Local\Temp\28673dbf0f859337332cfd4aae2bff84.exe

Filesize
26KB

MD5
337e6c6f691336b5d5ef56f6ec215b7e

SHA1
21762826d6284fd3d6a5ebb11806143bea652424

SHA256
efdde1fddc24f39897e0116a38324f2cbd0d28146707cfc4c3a1a7e29bba0b2f

SHA512
19e2ffcd2f266a21b9736af0f44cdc1cba5075e391bf0be67970bdb007b15119a88fbf038203ef4876d5d1b4c3e4d42bf1a3be7871d65774dc81a662819202f0

Download Submit
memory/1136-20-0x0000000000240000-0x0000000000352000-memory.dmp

Filesize
1.1MB

Download
memory/1136-18-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1136-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1136-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2180-16-0x00000000036A0000-0x0000000003B0A000-memory.dmp

Filesize
4.4MB

Download
memory/2180-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2180-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2180-2-0x0000000000130000-0x0000000000242000-memory.dmp

Filesize
1.1MB

Download
memory/2180-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2180-26-0x00000000036A0000-0x0000000003B0A000-memory.dmp

Filesize
4.4MB

Download