ee56ab26a0c5b121ca4494e9ae6adef50560682ff47d2a8f4db5b1cc4e8edcb7

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 05:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29c9eba761e291009efe78b10040b36a.exe
Size

1.3MB
MD5

29c9eba761e291009efe78b10040b36a
SHA1

fabddddd700863cb2a7e84e3c7c98d1780fffdf5
SHA256

ee56ab26a0c5b121ca4494e9ae6adef50560682ff47d2a8f4db5b1cc4e8edcb7
SHA512

91ebec49f625daf6692f514197c1004113590f1fd91754f03c708005d39e5523e79387844167e8ab4603deda7753691e1536f243e76acefe73a0f10fc6709527
SSDEEP

24576:VpWSVExuyNyhWM1YNMErlMbHVkXJRyUuHiaGFN3XA/kfKK0g/E4lqoU9/9Us:Vp1VExNybYNMmlOHVGkiaGFNHA/K/5MX

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1964	29c9eba761e291009efe78b10040b36a.exe

Executes dropped EXE 1 IoCs

pid	Process
1964	29c9eba761e291009efe78b10040b36a.exe

Loads dropped DLL 1 IoCs

pid	Process
2360	29c9eba761e291009efe78b10040b36a.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0009000000014120-13.dat	upx
behavioral1/files/0x0009000000014120-10.dat	upx
behavioral1/memory/2360-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2360	29c9eba761e291009efe78b10040b36a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2360	29c9eba761e291009efe78b10040b36a.exe
1964	29c9eba761e291009efe78b10040b36a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 1964	2360	29c9eba761e291009efe78b10040b36a.exe	16
PID 2360 wrote to memory of 1964	2360	29c9eba761e291009efe78b10040b36a.exe	16
PID 2360 wrote to memory of 1964	2360	29c9eba761e291009efe78b10040b36a.exe	16
PID 2360 wrote to memory of 1964	2360	29c9eba761e291009efe78b10040b36a.exe	16

C:\Users\Admin\AppData\Local\Temp\29c9eba761e291009efe78b10040b36a.exe
"C:\Users\Admin\AppData\Local\Temp\29c9eba761e291009efe78b10040b36a.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Users\Admin\AppData\Local\Temp\29c9eba761e291009efe78b10040b36a.exe
  C:\Users\Admin\AppData\Local\Temp\29c9eba761e291009efe78b10040b36a.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\29c9eba761e291009efe78b10040b36a.exe

Filesize
93KB

MD5
40b40a1434fd7fc022ba9bcf019d5f1a

SHA1
0ef956e89a1bab437bb8a77e772e128dca1c3803

SHA256
6e22657f9236c9edb5d408a7415eb75ee456de4adabe1e63be2b8c24327bf3f0

SHA512
ae6a29a50263ffb998f4d69f9a6962ba9be16fa5e12c218dd94b12110072d654f8e7bf98a89d5edb73e8661ee8768d6c5628958e4eb617ade2b7ace0a57cc6cd

Download Submit
\Users\Admin\AppData\Local\Temp\29c9eba761e291009efe78b10040b36a.exe

Filesize
348KB

MD5
586f007e4f6729bec5b69dfb70cceea2

SHA1
391093e59ff0f8222bece789cc968f463ad0635f

SHA256
6e16ba6a4941de95a2f82e0dc6ab92e9676b2d160f4d0304a3c3cd32853942ad

SHA512
dd18b0d5dc0f061da1c1eb2c84124ae50eccd345a838860ceaa08cdb36f88eb01cd587f09f7f1d5d6a8d6a79a7eb7dec8ff5edb982471e85169b99ed737acc60

Download Submit
memory/1964-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1964-22-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1964-24-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/1964-18-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1964-16-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/1964-30-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2360-2-0x0000000000280000-0x00000000003B1000-memory.dmp

Filesize
1.2MB

Download
memory/2360-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2360-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2360-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download