40bab5d000877eb27dc8395d3758ee5df4622572e1f7c07328500a0c1bd4663f

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 06:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2af7190681daa4e8b7aa8d6bf1f8c4c4.exe
Size

1.3MB
MD5

2af7190681daa4e8b7aa8d6bf1f8c4c4
SHA1

fb58c7d5c859c245c84f376bedbb25b522e5a162
SHA256

40bab5d000877eb27dc8395d3758ee5df4622572e1f7c07328500a0c1bd4663f
SHA512

29fdc1201e81b27d5226fe0923235089a5d69c82eeecbd7a305802f6dd8f8e829544a82c54036fc1a6d05e63a836fe64ce3851915b1e15299e85c4c075d2b836
SSDEEP

24576:HaLR3s/3BGAwM0XWF5kXEneZoNnkrLmbp1ys0vAOPfRKqlG+ET6Pg5nzhU9/9Us:H4E4eFwEneZbmbp1y4UG+M6miR9j

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2324	2af7190681daa4e8b7aa8d6bf1f8c4c4.exe

Executes dropped EXE 1 IoCs

pid	Process
2324	2af7190681daa4e8b7aa8d6bf1f8c4c4.exe

Loads dropped DLL 1 IoCs

pid	Process
2672	2af7190681daa4e8b7aa8d6bf1f8c4c4.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2672-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x00080000000120f8-10.dat	upx
behavioral1/files/0x00080000000120f8-14.dat	upx
behavioral1/memory/2324-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/memory/2672-12-0x0000000003610000-0x0000000003AF7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2672	2af7190681daa4e8b7aa8d6bf1f8c4c4.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2672	2af7190681daa4e8b7aa8d6bf1f8c4c4.exe
2324	2af7190681daa4e8b7aa8d6bf1f8c4c4.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2324	2672	2af7190681daa4e8b7aa8d6bf1f8c4c4.exe	28
PID 2672 wrote to memory of 2324	2672	2af7190681daa4e8b7aa8d6bf1f8c4c4.exe	28
PID 2672 wrote to memory of 2324	2672	2af7190681daa4e8b7aa8d6bf1f8c4c4.exe	28
PID 2672 wrote to memory of 2324	2672	2af7190681daa4e8b7aa8d6bf1f8c4c4.exe	28

C:\Users\Admin\AppData\Local\Temp\2af7190681daa4e8b7aa8d6bf1f8c4c4.exe
"C:\Users\Admin\AppData\Local\Temp\2af7190681daa4e8b7aa8d6bf1f8c4c4.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Users\Admin\AppData\Local\Temp\2af7190681daa4e8b7aa8d6bf1f8c4c4.exe
  C:\Users\Admin\AppData\Local\Temp\2af7190681daa4e8b7aa8d6bf1f8c4c4.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2af7190681daa4e8b7aa8d6bf1f8c4c4.exe

Filesize
167KB

MD5
35f05da943e00b330f4964f3905090a5

SHA1
3da39ef1eac26246d0bd55147c7dbde48be0d575

SHA256
c1cff00cf49cd34a2d7b0b0cafd92959f06a03055df1cbffec5cc507e1117c48

SHA512
9fa1f9f11bbe32746d0b7ee28bb0a068e530faf7cd99448b0cdf3520a726b501c9fa5c5ec5a24f913b25904ff6d36295a6648b8ca477fc9ebc860599bf01ed35

Download Submit
\Users\Admin\AppData\Local\Temp\2af7190681daa4e8b7aa8d6bf1f8c4c4.exe

Filesize
94KB

MD5
0edc25eca09404496545f0c75c441864

SHA1
238614120f56b870005b6cbce4752954b9ba911a

SHA256
884b4db26b483ff9c0a9162ec69dc32ec6f7798228cee02d71c5d90f6e80f155

SHA512
9c06a6f60758b992561e4886a8c46a9a5f04b0b496d3bb4d7884a1ada0510fa002be90218f7a711203fe6d5f8663725e008adcdbe0a7d3cfdc65261bcd8e86ff

Download Submit
memory/2324-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2324-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2324-18-0x0000000000290000-0x00000000003C1000-memory.dmp

Filesize
1.2MB

Download
memory/2324-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2324-25-0x0000000003500000-0x0000000003722000-memory.dmp

Filesize
2.1MB

Download
memory/2324-31-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2672-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2672-2-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/2672-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2672-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2672-12-0x0000000003610000-0x0000000003AF7000-memory.dmp

Filesize
4.9MB

Download