42aad4ab11d0638c4f36bb8f9f7125fbcd7f2cf5a0832bf8dc021ea684db1c2a

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 05:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29e0108d967d50a4080e73ba5bad7d31.exe
Size

4.8MB
MD5

29e0108d967d50a4080e73ba5bad7d31
SHA1

91a16b90e38ab7832f1ddd033051268c2e2b5d7d
SHA256

42aad4ab11d0638c4f36bb8f9f7125fbcd7f2cf5a0832bf8dc021ea684db1c2a
SHA512

079cb5b55a3a0342c43a42993b07b2aadc958af7ba658dc5a44d32de35b56ff442ff109f3eecce7f5a27e3b3c00c8002fcc5c572a30d9699a33cde88f5c7e6f8
SSDEEP

98304:u6SJiVPDgg3gnl/IVUs1j6HybIF1yl+zWHgg3gnl/IVUs1jr:u6tJZgl/iBgybIXylNlgl/iBP

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2372	29e0108d967d50a4080e73ba5bad7d31.exe

Executes dropped EXE 1 IoCs

pid	Process
2372	29e0108d967d50a4080e73ba5bad7d31.exe

Loads dropped DLL 1 IoCs

pid	Process
2212	29e0108d967d50a4080e73ba5bad7d31.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2212-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000e0000000126a2-10.dat	upx
behavioral1/memory/2212-15-0x0000000003B90000-0x000000000407F000-memory.dmp	upx
behavioral1/files/0x000e0000000126a2-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2212	29e0108d967d50a4080e73ba5bad7d31.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2212	29e0108d967d50a4080e73ba5bad7d31.exe
2372	29e0108d967d50a4080e73ba5bad7d31.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2372	2212	29e0108d967d50a4080e73ba5bad7d31.exe	28
PID 2212 wrote to memory of 2372	2212	29e0108d967d50a4080e73ba5bad7d31.exe	28
PID 2212 wrote to memory of 2372	2212	29e0108d967d50a4080e73ba5bad7d31.exe	28
PID 2212 wrote to memory of 2372	2212	29e0108d967d50a4080e73ba5bad7d31.exe	28

C:\Users\Admin\AppData\Local\Temp\29e0108d967d50a4080e73ba5bad7d31.exe
"C:\Users\Admin\AppData\Local\Temp\29e0108d967d50a4080e73ba5bad7d31.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Users\Admin\AppData\Local\Temp\29e0108d967d50a4080e73ba5bad7d31.exe
  C:\Users\Admin\AppData\Local\Temp\29e0108d967d50a4080e73ba5bad7d31.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\29e0108d967d50a4080e73ba5bad7d31.exe

Filesize
120KB

MD5
283a2f5794fd16495e9a98d1dc5da5df

SHA1
4d6d3c117d6e0184a3440dd521a5b6cab9be6236

SHA256
d140b662d3ed7d6f5b9d3aac844c73d6cff9e7206ffb7386f9e9937038b2b815

SHA512
552b3c062c5d6967520afa097cbb0126eb818d713cd41e740460f0a49d63e5c68b863158934cc5030d70fcfc2e862082c252d850edf78d6f017ee5be52bc6433

Download Submit
\Users\Admin\AppData\Local\Temp\29e0108d967d50a4080e73ba5bad7d31.exe

Filesize
252KB

MD5
6fce01e8590b16995ce29dc44c7236a5

SHA1
ffed8e42792eb187d57a45b4436911148be8d8dc

SHA256
cf36462991ac1b38056740fda0dacb8d1b84f1c1c60c4ce9626fcaf10f2261c1

SHA512
68ac15ebfa4c379c117633dfcdee43cf35d3dad3a0a9b34410588ee2d9b1f7108d2d4e33295d17427e9b54c359118fd9d68ff9ff184f15522c3470b018b1b983

Download Submit
memory/2212-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2212-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2212-2-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2212-15-0x0000000003B90000-0x000000000407F000-memory.dmp

Filesize
4.9MB

Download
memory/2212-30-0x0000000003B90000-0x000000000407F000-memory.dmp

Filesize
4.9MB

Download
memory/2212-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2372-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2372-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2372-23-0x0000000003690000-0x00000000038BA000-memory.dmp

Filesize
2.2MB

Download
memory/2372-17-0x0000000000270000-0x00000000003A3000-memory.dmp

Filesize
1.2MB

Download
memory/2372-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download