2fe33e295b3f4d7fc045205c01c72947492065819389264575f38152bdf117d1

Analysis

max time kernel
122s
max time network
144s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 07:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ca7825e8ccd527abc5a049c9900f6f9.exe
Size

2.9MB
MD5

2ca7825e8ccd527abc5a049c9900f6f9
SHA1

2857b5bb6a0c4355c8dc775db0392dcf25e36d7a
SHA256

2fe33e295b3f4d7fc045205c01c72947492065819389264575f38152bdf117d1
SHA512

4a5deb456521a685eaca79b95b9cc7759258b38e6faaab97880d44356edc5baeaf53936fd8f22c9195928412dc947acda2d44c3c9a09893aff05956141a1ed6c
SSDEEP

49152:6x1dWVn8D8eWMtl/7sUqMz8zq1oyCJN74NH5HUyNRcUsCVOzetdZJ:mcVnq8BMtp+V5yCJ4HBUCczzM3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2144	2ca7825e8ccd527abc5a049c9900f6f9.exe

Executes dropped EXE 1 IoCs

pid	Process
2144	2ca7825e8ccd527abc5a049c9900f6f9.exe

Loads dropped DLL 1 IoCs

pid	Process
2128	2ca7825e8ccd527abc5a049c9900f6f9.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2128-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000800000001222d-10.dat	upx
behavioral1/memory/2128-14-0x00000000038B0000-0x0000000003D9F000-memory.dmp	upx
behavioral1/files/0x000800000001222d-15.dat	upx
behavioral1/memory/2144-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2128	2ca7825e8ccd527abc5a049c9900f6f9.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2128	2ca7825e8ccd527abc5a049c9900f6f9.exe
2144	2ca7825e8ccd527abc5a049c9900f6f9.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 2144	2128	2ca7825e8ccd527abc5a049c9900f6f9.exe	28
PID 2128 wrote to memory of 2144	2128	2ca7825e8ccd527abc5a049c9900f6f9.exe	28
PID 2128 wrote to memory of 2144	2128	2ca7825e8ccd527abc5a049c9900f6f9.exe	28
PID 2128 wrote to memory of 2144	2128	2ca7825e8ccd527abc5a049c9900f6f9.exe	28

C:\Users\Admin\AppData\Local\Temp\2ca7825e8ccd527abc5a049c9900f6f9.exe
"C:\Users\Admin\AppData\Local\Temp\2ca7825e8ccd527abc5a049c9900f6f9.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Users\Admin\AppData\Local\Temp\2ca7825e8ccd527abc5a049c9900f6f9.exe
  C:\Users\Admin\AppData\Local\Temp\2ca7825e8ccd527abc5a049c9900f6f9.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2ca7825e8ccd527abc5a049c9900f6f9.exe

Filesize
405KB

MD5
e6fd3fa129c261640927f7a3f7824c72

SHA1
d887070a69b8963a8e8646287c7b39e9738a2872

SHA256
db3ba0e84970220904a6705bcd69f5fa80eeb946907e4e26199ecebd4f40f947

SHA512
d817cfbfe96d52db08cd7eb2f622f125903bfb6e7735d10e54ca7fbb32d5433760defd95f1ea82ceff3ca98a6b1c97f09b7c2e6e6a3b52fdddf49e9375661385

Download Submit
\Users\Admin\AppData\Local\Temp\2ca7825e8ccd527abc5a049c9900f6f9.exe

Filesize
32KB

MD5
99511ea333840117a6ac6d6ffbbbed59

SHA1
1ee6f50e5a265bf7c3fadaaac6542afd8b827826

SHA256
f1332cf5232343a5a1ce239513a8ceb5eaf4d9d9c881dea003e03025d9635c8d

SHA512
1d6218c3518d6a11ee4d64c177ae721559ffdd443e8c68ce45a64c9f6a1b21083361a327e0822321b0319f7fbbe936ac970dfa3cbc99446c35a27ad1e0a1bb79

Download Submit
memory/2128-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2128-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2128-14-0x00000000038B0000-0x0000000003D9F000-memory.dmp

Filesize
4.9MB

Download
memory/2128-2-0x0000000000240000-0x0000000000373000-memory.dmp

Filesize
1.2MB

Download
memory/2128-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2128-30-0x00000000038B0000-0x0000000003D9F000-memory.dmp

Filesize
4.9MB

Download
memory/2144-19-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/2144-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2144-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2144-24-0x0000000003540000-0x000000000376A000-memory.dmp

Filesize
2.2MB

Download
memory/2144-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2144-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download