bda73a7c4679c5ba0af8cfec29d5e1b02666412579f6106c4a0bce018ee064bd

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 03:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26d9260b6f0203e5e298e4b5e5ef7ea0.exe
Size

2.7MB
MD5

26d9260b6f0203e5e298e4b5e5ef7ea0
SHA1

b7e7e951ee6bf0e8bbb2b5e4bf05e152d802f7bc
SHA256

bda73a7c4679c5ba0af8cfec29d5e1b02666412579f6106c4a0bce018ee064bd
SHA512

ae348e7ff9f185b0e822478f9e449c0c9f29dfcac9b4807e3ce3845cc49aa3a940f9d39b0078fe34af4783ea37b787ac5bf9f22419c4af1102d586da8f1b9a6f
SSDEEP

49152:J9QvFdt9La5SGhCok2on9jAVTkR98hFsb6aZ4SNYLM1X+hXZE50R9j:J9QvFp8CokR9jQTkH9mELsXZE0Hj

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2172	26d9260b6f0203e5e298e4b5e5ef7ea0.exe

Executes dropped EXE 1 IoCs

pid	Process
2172	26d9260b6f0203e5e298e4b5e5ef7ea0.exe

Loads dropped DLL 1 IoCs

pid	Process
2168	26d9260b6f0203e5e298e4b5e5ef7ea0.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2168-1-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000d0000000122bd-10.dat	upx
behavioral1/files/0x000d0000000122bd-15.dat	upx
behavioral1/memory/2172-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000d0000000122bd-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2168	26d9260b6f0203e5e298e4b5e5ef7ea0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2168	26d9260b6f0203e5e298e4b5e5ef7ea0.exe
2172	26d9260b6f0203e5e298e4b5e5ef7ea0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 2172	2168	26d9260b6f0203e5e298e4b5e5ef7ea0.exe	19
PID 2168 wrote to memory of 2172	2168	26d9260b6f0203e5e298e4b5e5ef7ea0.exe	19
PID 2168 wrote to memory of 2172	2168	26d9260b6f0203e5e298e4b5e5ef7ea0.exe	19
PID 2168 wrote to memory of 2172	2168	26d9260b6f0203e5e298e4b5e5ef7ea0.exe	19

C:\Users\Admin\AppData\Local\Temp\26d9260b6f0203e5e298e4b5e5ef7ea0.exe
"C:\Users\Admin\AppData\Local\Temp\26d9260b6f0203e5e298e4b5e5ef7ea0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Users\Admin\AppData\Local\Temp\26d9260b6f0203e5e298e4b5e5ef7ea0.exe
  C:\Users\Admin\AppData\Local\Temp\26d9260b6f0203e5e298e4b5e5ef7ea0.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\26d9260b6f0203e5e298e4b5e5ef7ea0.exe

Filesize
24KB

MD5
13a8c0198fe0497b7b929ae558454c3a

SHA1
27d43a7804d62f89a43b6c4bb6af7e1202cbc765

SHA256
50a23dba8fbfc00a04710230324659439ece93938edd6b9fdad00ff6a2433764

SHA512
0c60cb9dfd997ad2575ceddbc81ac8f0c76d2243328f0b80d44092d29a8b03e82ef7f9309c9a8971c3ba13b29cf41432dbcc8f6328c635acb55331bb39dadf3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\26d9260b6f0203e5e298e4b5e5ef7ea0.exe

Filesize
55KB

MD5
0528406136d06c8bcd3ddd18f1634eb2

SHA1
bbbdea22a58ff0bad88a0e12455bf5afe5e05430

SHA256
e3ea5a6924938c01429bdd044fdb3104067bf922e109f4e60f2f78979ad44188

SHA512
cb7eb20c40be94986a9f11138024f88f3b4f19df1f04eb4644baf5912371582bccf8aa5063dcbe231a4edfe6f2d4ae96a2abc1f38c6fb80b599e68b26a48e209

Download Submit
\Users\Admin\AppData\Local\Temp\26d9260b6f0203e5e298e4b5e5ef7ea0.exe

Filesize
34KB

MD5
e7dcc6912e54dbb09f89979ca6f96909

SHA1
9c673d03a9bfc8dbf522e982b12f17402daf5241

SHA256
30d30a38e83d3f02386cf218018e01de5eb2636d7336e3ded356fe1ec69b6baa

SHA512
6ed30f93125b88814a9bd1b545979c8c50c2409cb1232ed8aa32a54f1cd6df84589cbf58ff6f57521e18afc5dd8fcd183df0f6903a9415782aeb76a98890b4fe

Download Submit
memory/2168-13-0x0000000003760000-0x0000000003C47000-memory.dmp

Filesize
4.9MB

Download
memory/2168-3-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2168-0-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2168-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2168-1-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2168-31-0x0000000003760000-0x0000000003C47000-memory.dmp

Filesize
4.9MB

Download
memory/2172-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2172-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2172-25-0x00000000034B0000-0x00000000036D2000-memory.dmp

Filesize
2.1MB

Download
memory/2172-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2172-19-0x0000000000240000-0x0000000000371000-memory.dmp

Filesize
1.2MB

Download
memory/2172-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download