45d4bfdc425fdce112d9dd2adb45dbcbda1dfb921cd74ea0461ab93bb24e49cf

Analysis

max time kernel
162s
max time network
251s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 06:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c3a93724af4c951c4d5d540b8b6d891.exe
Size

5.1MB
MD5

2c3a93724af4c951c4d5d540b8b6d891
SHA1

8adccabfad7f84a8665ca1921bbc43444a3db538
SHA256

45d4bfdc425fdce112d9dd2adb45dbcbda1dfb921cd74ea0461ab93bb24e49cf
SHA512

814186eccafceb9c5b6562de0f973666923a8a02311dc4efbf4c007a9f7e724f3486932d246b5bb19625194ed68ce84698284b3104904a973a5250fbaf29dc7c
SSDEEP

49152:cEgtEd/8mqt5Ln5nMNX7Ni5ahh1TfJ8lGcbMTWjDpRXBfQay3Qwa5cCbcmhbT2ct:c4WMjiqhrA3NI3QwcjMrbWt48v3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2304	2c3a93724af4c951c4d5d540b8b6d891.exe

Executes dropped EXE 1 IoCs

pid	Process
2304	2c3a93724af4c951c4d5d540b8b6d891.exe

Loads dropped DLL 1 IoCs

pid	Process
2856	2c3a93724af4c951c4d5d540b8b6d891.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2856-2-0x0000000000400000-0x0000000000D9E000-memory.dmp	upx
behavioral1/files/0x0004000000004ed7-11.dat	upx
behavioral1/files/0x0004000000004ed7-15.dat	upx
behavioral1/memory/2304-18-0x0000000000400000-0x0000000000D9E000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2856	2c3a93724af4c951c4d5d540b8b6d891.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2856	2c3a93724af4c951c4d5d540b8b6d891.exe
2304	2c3a93724af4c951c4d5d540b8b6d891.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2304	2856	2c3a93724af4c951c4d5d540b8b6d891.exe	27
PID 2856 wrote to memory of 2304	2856	2c3a93724af4c951c4d5d540b8b6d891.exe	27
PID 2856 wrote to memory of 2304	2856	2c3a93724af4c951c4d5d540b8b6d891.exe	27
PID 2856 wrote to memory of 2304	2856	2c3a93724af4c951c4d5d540b8b6d891.exe	27

C:\Users\Admin\AppData\Local\Temp\2c3a93724af4c951c4d5d540b8b6d891.exe
"C:\Users\Admin\AppData\Local\Temp\2c3a93724af4c951c4d5d540b8b6d891.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Users\Admin\AppData\Local\Temp\2c3a93724af4c951c4d5d540b8b6d891.exe
  C:\Users\Admin\AppData\Local\Temp\2c3a93724af4c951c4d5d540b8b6d891.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2c3a93724af4c951c4d5d540b8b6d891.exe

Filesize
500KB

MD5
9507232b13203e5d959f6847cb470bf6

SHA1
1982749894952a2e136c2c1ceec9cca2ad3169ee

SHA256
247645326fbc096ef2aafa9f46903ea39ff228d01c30ba491fc6d2cb9cb4df65

SHA512
c3049ccff5509a3491689185567eebcf841edad45a8b7cb6ed638a2ca9e4187191d8ae8ed45d0445de731d7a2d7e1fc03eba3de73eb2e109158a12dc7ae7f166

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab18D0.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
\Users\Admin\AppData\Local\Temp\2c3a93724af4c951c4d5d540b8b6d891.exe

Filesize
4.7MB

MD5
364ad3bdcf6c7ef24abb6d3fab7f2e1c

SHA1
ae25cb0a1b480a24802c839db4860e666d25949b

SHA256
b64d6878db0959a130d30626e79050544126d4027269d6c4056d3a82524b5cab

SHA512
2ea44b8101723b183ddac0567f88a96aa4c3544775ab786133836bd06a8a9efbb91e2a21d60bf8e44eb56d2e1f9a4ca508fa49a0d91b2c88bc98729834b814a6

Download Submit
memory/2304-18-0x0000000000400000-0x0000000000D9E000-memory.dmp

Filesize
9.6MB

Download
memory/2304-19-0x0000000001FA0000-0x00000000021FA000-memory.dmp

Filesize
2.4MB

Download
memory/2304-25-0x0000000000400000-0x0000000000D9E000-memory.dmp

Filesize
9.6MB

Download
memory/2856-0-0x0000000000400000-0x0000000000605000-memory.dmp

Filesize
2.0MB

Download
memory/2856-2-0x0000000000400000-0x0000000000D9E000-memory.dmp

Filesize
9.6MB

Download
memory/2856-4-0x0000000001FA0000-0x00000000021FA000-memory.dmp

Filesize
2.4MB

Download
memory/2856-13-0x0000000004060000-0x00000000049FE000-memory.dmp

Filesize
9.6MB

Download
memory/2856-16-0x0000000000400000-0x0000000000D9E000-memory.dmp

Filesize
9.6MB

Download