aec225a6994f17d9cdc65b66728f7c223bf6505ef2ed74242a63b47c4f5ceacf

Analysis

max time kernel
118s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 06:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b07db24189f167b83bce1947a26dec4.exe
Size

2.9MB
MD5

2b07db24189f167b83bce1947a26dec4
SHA1

2b94a152833181dba181ceca909f80536153de94
SHA256

aec225a6994f17d9cdc65b66728f7c223bf6505ef2ed74242a63b47c4f5ceacf
SHA512

ca76c30744df8c209b8c487226598c82e717fdd040ef10514503ef20d1380ed6e12c6716d7387f8ff515d296c711f5f440ac7bb635b0df42a9126a439d437656
SSDEEP

49152:NgDK7pgHMWUGXtiZ+nepXwJizKVjiwQpvPIUswOG+ZcOIwqI2C1J/7Gy:6G7pXpEiZ/AJiu1iwQpHIUstG+ZcEH1j

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2664	2b07db24189f167b83bce1947a26dec4.exe

Executes dropped EXE 1 IoCs

pid	Process
2664	2b07db24189f167b83bce1947a26dec4.exe

Loads dropped DLL 1 IoCs

pid	Process
2448	2b07db24189f167b83bce1947a26dec4.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2448-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c000000012247-10.dat	upx
behavioral1/memory/2664-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c000000012247-13.dat	upx
behavioral1/files/0x000c000000012247-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2448	2b07db24189f167b83bce1947a26dec4.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2448	2b07db24189f167b83bce1947a26dec4.exe
2664	2b07db24189f167b83bce1947a26dec4.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 2664	2448	2b07db24189f167b83bce1947a26dec4.exe	28
PID 2448 wrote to memory of 2664	2448	2b07db24189f167b83bce1947a26dec4.exe	28
PID 2448 wrote to memory of 2664	2448	2b07db24189f167b83bce1947a26dec4.exe	28
PID 2448 wrote to memory of 2664	2448	2b07db24189f167b83bce1947a26dec4.exe	28

C:\Users\Admin\AppData\Local\Temp\2b07db24189f167b83bce1947a26dec4.exe
"C:\Users\Admin\AppData\Local\Temp\2b07db24189f167b83bce1947a26dec4.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Users\Admin\AppData\Local\Temp\2b07db24189f167b83bce1947a26dec4.exe
  C:\Users\Admin\AppData\Local\Temp\2b07db24189f167b83bce1947a26dec4.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2b07db24189f167b83bce1947a26dec4.exe

Filesize
2.9MB

MD5
4bd4e51c00505f73a30ce3e53d045f90

SHA1
e49546f7b107660bfd75afe62e4e3dd01ebe8ce7

SHA256
12b10738cab5c2399685edd3232c2e21ebcae35fccf45da75d8125e1fb23ec27

SHA512
10c6171fd6358d5cb503bac79ba7884cd8905b1912106f7146bd814edeb75c7473de177a8b25d949c59074cdfe2767ca8ee6c3dbe82b3b057214906ddb6c9897

Download Submit
C:\Users\Admin\AppData\Local\Temp\2b07db24189f167b83bce1947a26dec4.exe

Filesize
2.2MB

MD5
90d30892274e289f8d11b6f8bffb1247

SHA1
291f60fcfcada5877f29872daca62232fc631139

SHA256
9e061664658cf0988abe97bb3cb657b36dbf5dcce60831d4b889d1de3874db6e

SHA512
32fd5c2117409bf69d3196f00baaa82531590e7a2a88dc4af64d8b8ab38bd4388614a6e367190b791a02e5646c387b8cd8aa04cd095f01285f2150eed9790eb6

Download Submit
\Users\Admin\AppData\Local\Temp\2b07db24189f167b83bce1947a26dec4.exe

Filesize
2.5MB

MD5
b55f4d1d359676939d3ead0205894f7f

SHA1
35a264df39fe07c49238dedaadb21520f8ad234d

SHA256
4d138fa8bd5365ba13db1461a19d6561e75d3e32b384a123f0984ffc2e6ae857

SHA512
ec85fd8c2c4d87899e5edb3f74789c3fc8f21a25db0943ab2b907e2a7b1cdaaf792cbe27084aa6104ce2e7130b4ac3957fa91284ea4a73231bcc333aa37ec8e3

Download Submit
memory/2448-31-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2448-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2448-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2448-15-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2448-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2448-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2664-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2664-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2664-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2664-24-0x00000000034F0000-0x000000000371A000-memory.dmp

Filesize
2.2MB

Download
memory/2664-17-0x0000000000260000-0x0000000000393000-memory.dmp

Filesize
1.2MB

Download
memory/2664-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download