9c06f9cbc875c5f7f01937f6b0da8f4361185471b4c3dab8ed1f3b5456988ab8

Analysis

max time kernel
118s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 07:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d4ad0f4a93f592d3e5ef02775fafed6.exe
Size

11.7MB
MD5

2d4ad0f4a93f592d3e5ef02775fafed6
SHA1

90c2012b174add994905de310e46ed60eb350d1c
SHA256

9c06f9cbc875c5f7f01937f6b0da8f4361185471b4c3dab8ed1f3b5456988ab8
SHA512

b871a00e6ed9e0c52c3bb9854b710bb3d617b3d055a975676f770d8b23403e5314b57c5e6eea1d0a6f3434202849aec06915ff2cb70cef8f51a4c4cc85b863bd
SSDEEP

98304:Zzy8TSyUFJqL9A8tA4HBUCczzM3vXDO4Kp4HBUCczzM3AzI4847Lt4HBUCczzM31:ZzhIJqx7vWC7DTWC0zHSWC7DTWC

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2324	2d4ad0f4a93f592d3e5ef02775fafed6.exe

Executes dropped EXE 1 IoCs

pid	Process
2324	2d4ad0f4a93f592d3e5ef02775fafed6.exe

Loads dropped DLL 1 IoCs

pid	Process
2428	2d4ad0f4a93f592d3e5ef02775fafed6.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2428-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0008000000012256-13.dat	upx
behavioral1/memory/2428-15-0x0000000004990000-0x0000000004E7F000-memory.dmp	upx
behavioral1/memory/2324-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0008000000012256-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2428	2d4ad0f4a93f592d3e5ef02775fafed6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2428	2d4ad0f4a93f592d3e5ef02775fafed6.exe
2324	2d4ad0f4a93f592d3e5ef02775fafed6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 2324	2428	2d4ad0f4a93f592d3e5ef02775fafed6.exe	28
PID 2428 wrote to memory of 2324	2428	2d4ad0f4a93f592d3e5ef02775fafed6.exe	28
PID 2428 wrote to memory of 2324	2428	2d4ad0f4a93f592d3e5ef02775fafed6.exe	28
PID 2428 wrote to memory of 2324	2428	2d4ad0f4a93f592d3e5ef02775fafed6.exe	28

C:\Users\Admin\AppData\Local\Temp\2d4ad0f4a93f592d3e5ef02775fafed6.exe
"C:\Users\Admin\AppData\Local\Temp\2d4ad0f4a93f592d3e5ef02775fafed6.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Users\Admin\AppData\Local\Temp\2d4ad0f4a93f592d3e5ef02775fafed6.exe
  C:\Users\Admin\AppData\Local\Temp\2d4ad0f4a93f592d3e5ef02775fafed6.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2d4ad0f4a93f592d3e5ef02775fafed6.exe

Filesize
64KB

MD5
e8c6074b71fe518b0a6830f02c598c98

SHA1
b9eb4d1af396c8209b493e3791548b0b8ab91388

SHA256
d8272e89b05b553c529e58d3828ec015654f0a8ab86e2d183c5ea264168be9ef

SHA512
bfd06970a3ffce4b0a310e9551d39cbff534cd9f9b8e74ca02bfdaf33f08a71cf0c5a79299eca1c4ed6192a2584058f5d5f2a302b5c100a4848fe6952140de94

Download Submit
\Users\Admin\AppData\Local\Temp\2d4ad0f4a93f592d3e5ef02775fafed6.exe

Filesize
53KB

MD5
6ff8f76b88cdbb5cdec360532cefd266

SHA1
e7ffcf658b8daa96e970dfd6fa239a79ae1b4ac7

SHA256
5baffa4bbeaea9f60746df9f0973307ff01ecafa1e734c150d164c9a867c0cc1

SHA512
9fee6474b5877f83ac842a0bfd5aae44205a53b2a94532bea7b9b576952804693193c8c8e6e6d35bce32830fe3c777b1f9d8c15f5d21e712a28b3fca4f3bf45d

Download Submit
memory/2324-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2324-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2324-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2324-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2324-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2324-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2428-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2428-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2428-15-0x0000000004990000-0x0000000004E7F000-memory.dmp

Filesize
4.9MB

Download
memory/2428-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2428-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2428-31-0x0000000004990000-0x0000000004E7F000-memory.dmp

Filesize
4.9MB

Download