c2a95be9175b96580272bd1dee0d92cdba5750a16cad14562ff388a8bfbc7a6d

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 07:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d1433fff103c4963cd7769d86cdf442.exe
Size

5.8MB
MD5

2d1433fff103c4963cd7769d86cdf442
SHA1

9d54569511864fe7d56734bf9d126e5c868ba2b5
SHA256

c2a95be9175b96580272bd1dee0d92cdba5750a16cad14562ff388a8bfbc7a6d
SHA512

20661a6b91549861ef67d773432dc8353a057aa0e07fc1b64ce61c28a84a6911b89065f04ecac643d6ec979245636a309e013619377ad73cb7e0985cd42e8314
SSDEEP

98304:RZ+s+FqvEa4HBUCczzM39F5v+aLzXo04o6ss8l/ipv4HBUCczzM3:R7+t5WCRF8a3Xl4o6sJipgWC

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3040	2d1433fff103c4963cd7769d86cdf442.exe

Executes dropped EXE 1 IoCs

pid	Process
3040	2d1433fff103c4963cd7769d86cdf442.exe

Loads dropped DLL 1 IoCs

pid	Process
2060	2d1433fff103c4963cd7769d86cdf442.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2060-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012252-10.dat	upx
behavioral1/files/0x0009000000012252-13.dat	upx
behavioral1/memory/3040-15-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/2060-12-0x0000000003DD0000-0x00000000042BF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2060	2d1433fff103c4963cd7769d86cdf442.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2060	2d1433fff103c4963cd7769d86cdf442.exe
3040	2d1433fff103c4963cd7769d86cdf442.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 3040	2060	2d1433fff103c4963cd7769d86cdf442.exe	28
PID 2060 wrote to memory of 3040	2060	2d1433fff103c4963cd7769d86cdf442.exe	28
PID 2060 wrote to memory of 3040	2060	2d1433fff103c4963cd7769d86cdf442.exe	28
PID 2060 wrote to memory of 3040	2060	2d1433fff103c4963cd7769d86cdf442.exe	28

C:\Users\Admin\AppData\Local\Temp\2d1433fff103c4963cd7769d86cdf442.exe
"C:\Users\Admin\AppData\Local\Temp\2d1433fff103c4963cd7769d86cdf442.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Users\Admin\AppData\Local\Temp\2d1433fff103c4963cd7769d86cdf442.exe
  C:\Users\Admin\AppData\Local\Temp\2d1433fff103c4963cd7769d86cdf442.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2d1433fff103c4963cd7769d86cdf442.exe

Filesize
159KB

MD5
b044b3097524c995afc9b28cfe7ac3f8

SHA1
a4dbea63189883ded132f2e460eee2907051e00a

SHA256
9a735b7522a798578c4805ad1688ce3482d15249ed1e8ebe8fda7a47dd0c0976

SHA512
c5359dc75dc464bd57f71d7ccb70ce1ece57797569db42434077360531f3c6cb4d2aa4c7e61034e4c8df472d41de81f8677f0528790ddd12c43bf584af495dea

Download Submit
\Users\Admin\AppData\Local\Temp\2d1433fff103c4963cd7769d86cdf442.exe

Filesize
147KB

MD5
9b2373079fd5124581186babec80716c

SHA1
f4acb430bed23bf5ab2acac36a252bbd20a78ed2

SHA256
5e8bc67cb9914b8628e489c3c774868358955b06b07453f42fd9d8568fad8d5b

SHA512
d4fbcb75a8bc13474ad73d50f8f74ae53bc1d7a08b04450fe6b5c8881640242f7f494c611886fe52945ca3ac7915c7cb18fc1faa011ec8fed0396c10a3fdfebb

Download Submit
memory/2060-12-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/2060-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2060-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2060-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2060-1-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/3040-18-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/3040-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3040-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/3040-15-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3040-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3040-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download