2714a8a9bac573d8e5dad42abc4b5c2efde57f194af851f36a730b5fabd12ba0

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 05:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29380c2cb6083945bd2df29dc24cc5ac.exe
Size

10.6MB
MD5

29380c2cb6083945bd2df29dc24cc5ac
SHA1

53aafc2720881fe3ad4cf2b2a367c7b83ce9f1ce
SHA256

2714a8a9bac573d8e5dad42abc4b5c2efde57f194af851f36a730b5fabd12ba0
SHA512

c2a9d66773fd67590701d4458faf9534950d55cb351933e51677d8a496f9446e8200053ac7fb501e24dadeb6d4fa488d584b733d599a4ff003b6181188fe7fa9
SSDEEP

196608:HB0AruLuAXtQxgCHG2Aza7h4QAXtQxgCHG295NAXtQxgCHG2Aza7h4QAXtQxgCHJ:hlux9QtGs7K9QtGMm9QtGs7K9QtGa

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2944	29380c2cb6083945bd2df29dc24cc5ac.exe

Executes dropped EXE 1 IoCs

pid	Process
2944	29380c2cb6083945bd2df29dc24cc5ac.exe

Loads dropped DLL 1 IoCs

pid	Process
2360	29380c2cb6083945bd2df29dc24cc5ac.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2360-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000900000001447e-13.dat	upx
behavioral1/files/0x000900000001447e-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2360	29380c2cb6083945bd2df29dc24cc5ac.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2360	29380c2cb6083945bd2df29dc24cc5ac.exe
2944	29380c2cb6083945bd2df29dc24cc5ac.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 2944	2360	29380c2cb6083945bd2df29dc24cc5ac.exe	20
PID 2360 wrote to memory of 2944	2360	29380c2cb6083945bd2df29dc24cc5ac.exe	20
PID 2360 wrote to memory of 2944	2360	29380c2cb6083945bd2df29dc24cc5ac.exe	20
PID 2360 wrote to memory of 2944	2360	29380c2cb6083945bd2df29dc24cc5ac.exe	20

C:\Users\Admin\AppData\Local\Temp\29380c2cb6083945bd2df29dc24cc5ac.exe
"C:\Users\Admin\AppData\Local\Temp\29380c2cb6083945bd2df29dc24cc5ac.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Users\Admin\AppData\Local\Temp\29380c2cb6083945bd2df29dc24cc5ac.exe
  C:\Users\Admin\AppData\Local\Temp\29380c2cb6083945bd2df29dc24cc5ac.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\29380c2cb6083945bd2df29dc24cc5ac.exe

Filesize
86KB

MD5
4a05b1c1557729dd18d77159b9cf4b19

SHA1
ef6cb0e5c8fe796b674f7bf48fa92949f8a47951

SHA256
72049f434b05dc778ef3ab8a2ac6e5aad2f0f6632cba2ebf0fc90d49cb17323d

SHA512
ffe08a69fbd40a2297eb92834f458f1d51ae8738881675f480b33dbdd1973e1453b2a7e029d882c4d9c16bbb8a960001a3e5f897741a15cb71d19e48f08e8638

Download Submit
\Users\Admin\AppData\Local\Temp\29380c2cb6083945bd2df29dc24cc5ac.exe

Filesize
160KB

MD5
73267066693050ca64b1bbffa2812711

SHA1
d7886cc75b5114083610b2772868ff34583826f4

SHA256
725fd1f6afaec3f42c9f4b175593af75d9081ea3689cd2698b98e181c7feff38

SHA512
1d08a6f9e0224a5874075198a4a67c3d481d136de2fc17508a6f37b7a55648092bfce0da50d1c1af08d34e0701316d66e09e930901714311470f90699ec13ed0

Download Submit
memory/2360-15-0x0000000004740000-0x0000000004C27000-memory.dmp

Filesize
4.9MB

Download
memory/2360-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2360-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2360-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2360-2-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2360-31-0x0000000004740000-0x0000000004C27000-memory.dmp

Filesize
4.9MB

Download
memory/2944-19-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2944-25-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2944-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2944-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2944-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2944-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download