cc0d2cb10a5587ebb5c6fef350b7c61305d96286f08878ce090e1c8110b4997e

Analysis

max time kernel
121s
max time network
144s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 04:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

278a7992a0aa29b3ddb91be9c9e74378.exe
Size

5.3MB
MD5

278a7992a0aa29b3ddb91be9c9e74378
SHA1

8d8872b0e729a0234d8f5df66d86cfd4794107dc
SHA256

cc0d2cb10a5587ebb5c6fef350b7c61305d96286f08878ce090e1c8110b4997e
SHA512

8fdf9363a085ed4bb51589aba224d77312a168956a6572ce153bfa2678a0901b2419405ab3a072ca7d614b761f7979f70698fdc1acc3f3510630e7946d6de767
SSDEEP

98304:UJNWnLBxbRFrdqsNh+fMwcfR5tuPNavIrM7Y6V7isdqsNh+fMwcfR5:kWFRR1dqah+8XmNYBisdqah+8X

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2720	278a7992a0aa29b3ddb91be9c9e74378.exe

Executes dropped EXE 1 IoCs

pid	Process
2720	278a7992a0aa29b3ddb91be9c9e74378.exe

Loads dropped DLL 1 IoCs

pid	Process
2036	278a7992a0aa29b3ddb91be9c9e74378.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2036-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000900000001223f-11.dat	upx
behavioral1/memory/2036-16-0x0000000003D30000-0x000000000419A000-memory.dmp	upx
behavioral1/files/0x000900000001223f-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2036	278a7992a0aa29b3ddb91be9c9e74378.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2036	278a7992a0aa29b3ddb91be9c9e74378.exe
2720	278a7992a0aa29b3ddb91be9c9e74378.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 2720	2036	278a7992a0aa29b3ddb91be9c9e74378.exe	28
PID 2036 wrote to memory of 2720	2036	278a7992a0aa29b3ddb91be9c9e74378.exe	28
PID 2036 wrote to memory of 2720	2036	278a7992a0aa29b3ddb91be9c9e74378.exe	28
PID 2036 wrote to memory of 2720	2036	278a7992a0aa29b3ddb91be9c9e74378.exe	28

C:\Users\Admin\AppData\Local\Temp\278a7992a0aa29b3ddb91be9c9e74378.exe
"C:\Users\Admin\AppData\Local\Temp\278a7992a0aa29b3ddb91be9c9e74378.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Users\Admin\AppData\Local\Temp\278a7992a0aa29b3ddb91be9c9e74378.exe
  C:\Users\Admin\AppData\Local\Temp\278a7992a0aa29b3ddb91be9c9e74378.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\278a7992a0aa29b3ddb91be9c9e74378.exe

Filesize
198KB

MD5
3ef5482e51f1f70030eabb5fadf4166a

SHA1
bf01b64f69782374c6212d547e9de7efcb7d1f2e

SHA256
c400675532af5dfd87b70a0694dba9308d761f6fcd6f1cd5c52823e01d9c1afe

SHA512
9bd02e291dee9adc26535f1b6290b564c567add2e1a7069f6a4d16826950c9471ead96cab49ce4e31d298a06d9050e47dbd94075d3dba3c2c425de59f3cdbe53

Download Submit
\Users\Admin\AppData\Local\Temp\278a7992a0aa29b3ddb91be9c9e74378.exe

Filesize
223KB

MD5
fba59de66a238ea682b58099c98ae398

SHA1
cef9631141c698490739d28789cfd5dd9a04de04

SHA256
3432ad79b5bbb5348b03daaeb432d1f25afeca80c492541a85d22ea8d1c1b053

SHA512
c3c9d31c8038ba661185b09bda1c5ff12994b8abf7cd5a62fa9300033966221f3d9e06683688fef797e37e744776924184fc03d0a331b30a3e257807170b5c82

Download Submit
memory/2036-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2036-2-0x00000000002A0000-0x00000000003B2000-memory.dmp

Filesize
1.1MB

Download
memory/2036-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2036-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2036-16-0x0000000003D30000-0x000000000419A000-memory.dmp

Filesize
4.4MB

Download
memory/2720-18-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2720-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2720-20-0x0000000000130000-0x0000000000242000-memory.dmp

Filesize
1.1MB

Download
memory/2720-26-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download