610f48d0a3be3d270bef07c42e92690a7b922d39995c49d3fbc17d42ee6fe46b

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 03:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26ed049e395f11eddf32a3871d7cef40.exe
Size

1.5MB
MD5

26ed049e395f11eddf32a3871d7cef40
SHA1

9ab265a72b217c107e5dcb8d144945caad83649c
SHA256

610f48d0a3be3d270bef07c42e92690a7b922d39995c49d3fbc17d42ee6fe46b
SHA512

f82533e5d327c93cb3c63287c55813e359ce813a1e00d0938f0ce5440da254c67cbf4e13a29b84d24df495043f105a65dc3f69300ed03841e2d6e66fcf2c3f8e
SSDEEP

24576:dWgWhlahPGzjpBwYV5E8kDt5dRmBnniDpNYzX+1o3sjemYSyuZldW:pWhchezKhYBnnSpmr+1blUuR

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2708	26ed049e395f11eddf32a3871d7cef40.exe

Executes dropped EXE 1 IoCs

pid	Process
2708	26ed049e395f11eddf32a3871d7cef40.exe

Loads dropped DLL 1 IoCs

pid	Process
1980	26ed049e395f11eddf32a3871d7cef40.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1980-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/2708-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b00000001224c-13.dat	upx
behavioral1/files/0x000b00000001224c-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1980	26ed049e395f11eddf32a3871d7cef40.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1980	26ed049e395f11eddf32a3871d7cef40.exe
2708	26ed049e395f11eddf32a3871d7cef40.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 2708	1980	26ed049e395f11eddf32a3871d7cef40.exe	28
PID 1980 wrote to memory of 2708	1980	26ed049e395f11eddf32a3871d7cef40.exe	28
PID 1980 wrote to memory of 2708	1980	26ed049e395f11eddf32a3871d7cef40.exe	28
PID 1980 wrote to memory of 2708	1980	26ed049e395f11eddf32a3871d7cef40.exe	28

C:\Users\Admin\AppData\Local\Temp\26ed049e395f11eddf32a3871d7cef40.exe
"C:\Users\Admin\AppData\Local\Temp\26ed049e395f11eddf32a3871d7cef40.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Users\Admin\AppData\Local\Temp\26ed049e395f11eddf32a3871d7cef40.exe
  C:\Users\Admin\AppData\Local\Temp\26ed049e395f11eddf32a3871d7cef40.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\26ed049e395f11eddf32a3871d7cef40.exe

Filesize
92KB

MD5
4906f3e47c222b15f00c0a9f915789ab

SHA1
6c88956473307ca39066f53a549aac40074a8011

SHA256
6cf6e6763fd77d662c2bab7f63be1eb8ffcce3122e7dadff4a3a01090f5c43f5

SHA512
144c4aef1929e0c1c0e5cbd4149183d92619d647afcc732d135c9f138cb94fdb6c353ac23aedce0c5418fb159bd777554cbd58c11914883fc5ad8644f7aaeac6

Download Submit
\Users\Admin\AppData\Local\Temp\26ed049e395f11eddf32a3871d7cef40.exe

Filesize
93KB

MD5
6ba63ce6cd77fd1c5d25d4b428242537

SHA1
3869f484159a10cb0453d7152c7ca18133bf9799

SHA256
62c6a4b8e8eccc1e679150e65f5a7ed41866aac6c21d13f6ca054a65e0817482

SHA512
077eba9650211083c148e5225b6ae9fe32abc7177d2ee6b54ea602ea167a65d6813fd5378a84498408792a19dd5022ce6f7ac94fcb570cac8ba26aaa7d20188f

Download Submit
memory/1980-15-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/1980-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1980-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1980-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1980-31-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/1980-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2708-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2708-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2708-19-0x0000000000290000-0x00000000003C3000-memory.dmp

Filesize
1.2MB

Download
memory/2708-25-0x00000000036B0000-0x00000000038DA000-memory.dmp

Filesize
2.2MB

Download
memory/2708-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2708-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download