4f3391629abbaa12a12a95059962d86e45ab59b86f9e7bf8d5a33715615ac41d

Analysis

max time kernel
165s
max time network
194s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 06:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b615b11608b3d94be1a1b1454f83997.exe
Size

5.8MB
MD5

2b615b11608b3d94be1a1b1454f83997
SHA1

b542c7d66c74bc0d98c5e5134f1b8c04532c09ec
SHA256

4f3391629abbaa12a12a95059962d86e45ab59b86f9e7bf8d5a33715615ac41d
SHA512

7e2ef28dd7e48a004ad366af8c95f9811350b461963d182fd8a2a059ae581388ec9bf411c3a19bbdbb965290f16a5be7d178bfd5e42f5a3b741505d2a0888e17
SSDEEP

98304:mxHKjNm9TtUJYUyVGQZaXhP5a9UEI+eG9jAkbkR79D+cVItGQZaXhP5a9UEI+eG:mr9ZmynGhRaaCkN9qHGhRa

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2156	2b615b11608b3d94be1a1b1454f83997.exe

Executes dropped EXE 1 IoCs

pid	Process
2156	2b615b11608b3d94be1a1b1454f83997.exe

Loads dropped DLL 1 IoCs

pid	Process
2732	2b615b11608b3d94be1a1b1454f83997.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2732-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0004000000004ed7-11.dat	upx
behavioral1/memory/2732-15-0x0000000003F60000-0x000000000444F000-memory.dmp	upx
behavioral1/memory/2156-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0004000000004ed7-16.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2732	2b615b11608b3d94be1a1b1454f83997.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2732	2b615b11608b3d94be1a1b1454f83997.exe
2156	2b615b11608b3d94be1a1b1454f83997.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 2156	2732	2b615b11608b3d94be1a1b1454f83997.exe	28
PID 2732 wrote to memory of 2156	2732	2b615b11608b3d94be1a1b1454f83997.exe	28
PID 2732 wrote to memory of 2156	2732	2b615b11608b3d94be1a1b1454f83997.exe	28
PID 2732 wrote to memory of 2156	2732	2b615b11608b3d94be1a1b1454f83997.exe	28

C:\Users\Admin\AppData\Local\Temp\2b615b11608b3d94be1a1b1454f83997.exe
"C:\Users\Admin\AppData\Local\Temp\2b615b11608b3d94be1a1b1454f83997.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Users\Admin\AppData\Local\Temp\2b615b11608b3d94be1a1b1454f83997.exe
  C:\Users\Admin\AppData\Local\Temp\2b615b11608b3d94be1a1b1454f83997.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2b615b11608b3d94be1a1b1454f83997.exe

Filesize
2.1MB

MD5
0034e587180e7023c216f581b7e60ad5

SHA1
695981f56bb7b9fdee8843ea34f4d9eb57e0e7ba

SHA256
0e3337503fe5296626c76339aa32f3727eba4947e32b54263de4f0373374e56b

SHA512
04d9aadbae0c988eecc4b2ce21dc41c1cb9b9550d74436526a1942fa575ba0f69ed29de920fcc55af912416f8a1ace8258aa78a3d69e881904c4da857b2dc48d

Download Submit
\Users\Admin\AppData\Local\Temp\2b615b11608b3d94be1a1b1454f83997.exe

Filesize
1.9MB

MD5
a63b6ee6f59b7e9111fdcd4b26ffc772

SHA1
e9f330a1023777bb74d1035216cbc1106b0d4210

SHA256
877b7ab8b972f9900ba8a3fd8daa05f0900cabc2bbecd2cc17afadd9bc7f12a6

SHA512
a392ff01a0c667f7a8f6f766bf54e36f95e8f9b6f2261dc7373b63349b9f6b1c2f782e1c8518af2f11f17a00339985453230b2cfdeb088966a8825238e369f26

Download Submit
memory/2156-19-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2156-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2156-18-0x0000000000230000-0x0000000000363000-memory.dmp

Filesize
1.2MB

Download
memory/2156-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2156-26-0x0000000003650000-0x000000000387A000-memory.dmp

Filesize
2.2MB

Download
memory/2156-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2732-10-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2732-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2732-15-0x0000000003F60000-0x000000000444F000-memory.dmp

Filesize
4.9MB

Download
memory/2732-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2732-1-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2732-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download