02278ed243a043d0ef60337d681c0157824c7172f19c31fe4cea9c432f1cd505

Analysis

max time kernel
117s
max time network
149s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 07:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d143fc9d9cb3b061108d114c01ea2ed.exe
Size

1.5MB
MD5

2d143fc9d9cb3b061108d114c01ea2ed
SHA1

393176738e7f0ee8b1a2fa85732caaa902535dcf
SHA256

02278ed243a043d0ef60337d681c0157824c7172f19c31fe4cea9c432f1cd505
SHA512

7cd1b1a373bbc02d1c674c012c7f54b7549c754220c54dd1257b73e907c632f99dd2a005a1b156774c746aa77e2a3c94fa405c5e11ed960ef70a26b57fe94ebc
SSDEEP

24576:X61AgTgL2zwYJaqPFcJY304zpTNT3UrixaagjSV6G/kWmoeOKzCW:2MoFJRsYdzL362aBjELMuZQC

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2116	2d143fc9d9cb3b061108d114c01ea2ed.exe

Executes dropped EXE 1 IoCs

pid	Process
2116	2d143fc9d9cb3b061108d114c01ea2ed.exe

Loads dropped DLL 1 IoCs

pid	Process
1716	2d143fc9d9cb3b061108d114c01ea2ed.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1716-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c0000000122e9-10.dat	upx
behavioral1/files/0x000c0000000122e9-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1716	2d143fc9d9cb3b061108d114c01ea2ed.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1716	2d143fc9d9cb3b061108d114c01ea2ed.exe
2116	2d143fc9d9cb3b061108d114c01ea2ed.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 2116	1716	2d143fc9d9cb3b061108d114c01ea2ed.exe	19
PID 1716 wrote to memory of 2116	1716	2d143fc9d9cb3b061108d114c01ea2ed.exe	19
PID 1716 wrote to memory of 2116	1716	2d143fc9d9cb3b061108d114c01ea2ed.exe	19
PID 1716 wrote to memory of 2116	1716	2d143fc9d9cb3b061108d114c01ea2ed.exe	19

C:\Users\Admin\AppData\Local\Temp\2d143fc9d9cb3b061108d114c01ea2ed.exe
"C:\Users\Admin\AppData\Local\Temp\2d143fc9d9cb3b061108d114c01ea2ed.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Users\Admin\AppData\Local\Temp\2d143fc9d9cb3b061108d114c01ea2ed.exe
  C:\Users\Admin\AppData\Local\Temp\2d143fc9d9cb3b061108d114c01ea2ed.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2d143fc9d9cb3b061108d114c01ea2ed.exe

Filesize
12KB

MD5
d09b05f6613ce6d2e80bea2795eb41f9

SHA1
df1a386a2ea0047691654b65f7dd7a75ebf7cbcb

SHA256
6efd9035ff3289303f9343847b5512256b214afb2df89996c3bd53367214c1f0

SHA512
a5442bd7a3324c92fbd783d32f1783fd92dddad5d7281bbbcd230d76be57785ed9e51412745ea03ce32bcd196b9890d6d4ff6268485a32482be3b4ee0bb5b699

Download Submit
\Users\Admin\AppData\Local\Temp\2d143fc9d9cb3b061108d114c01ea2ed.exe

Filesize
27KB

MD5
be8fb573716a4c22cb9aed4faa4666d2

SHA1
804b6d3685c0209c37b3d429468c9a70d668fab0

SHA256
febd603f9e3059ae7c6a83d173f7bb9689c6dac675a4eea62ac9ff5d1bb1a826

SHA512
cbf855e1117819977be7fdc9d6d2407cb662931b6356437203dbeae518cfb10e8d21e436aef4daf310fda98341808559cee8bca30c1babf1d0cbce115740862e

Download Submit
memory/1716-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1716-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1716-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1716-15-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/1716-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2116-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2116-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2116-25-0x00000000036B0000-0x00000000038DA000-memory.dmp

Filesize
2.2MB

Download
memory/2116-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2116-19-0x0000000000290000-0x00000000003C3000-memory.dmp

Filesize
1.2MB

Download
memory/2116-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download