a88030e901ab8c406785dcedaf7749a5f02e3c1fb3c499d64c2299769ea1cdb2

Analysis

max time kernel
119s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 12:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

36cebc0b75ce70768759546d555dc744.exe
Size

1.5MB
MD5

36cebc0b75ce70768759546d555dc744
SHA1

7ea3d8d9f4168f60d04a0f4e22789de5c27e8adb
SHA256

a88030e901ab8c406785dcedaf7749a5f02e3c1fb3c499d64c2299769ea1cdb2
SHA512

4fe31c9eb29e7b0b5bc2b299b61ad333805315a4b9d594aecdedc116ed480375fb7ac38f879c60500706262f7a5523cbf4d8820df50465972ef4bbca391455e8
SSDEEP

24576:P8BQDZpVIre7oaGt1E1QopfdeeZB7BQBm6vPw6HywBxQ9Zcf4TirJW:P8BMZBoaw1OQoVdN72m6D444e

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2240	36cebc0b75ce70768759546d555dc744.exe

Executes dropped EXE 1 IoCs

pid	Process
2240	36cebc0b75ce70768759546d555dc744.exe

Loads dropped DLL 1 IoCs

pid	Process
2460	36cebc0b75ce70768759546d555dc744.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2460-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x00080000000120dc-13.dat	upx
behavioral1/memory/2460-14-0x0000000003510000-0x00000000039FF000-memory.dmp	upx
behavioral1/files/0x00080000000120dc-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2460	36cebc0b75ce70768759546d555dc744.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2460	36cebc0b75ce70768759546d555dc744.exe
2240	36cebc0b75ce70768759546d555dc744.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2240	2460	36cebc0b75ce70768759546d555dc744.exe	28
PID 2460 wrote to memory of 2240	2460	36cebc0b75ce70768759546d555dc744.exe	28
PID 2460 wrote to memory of 2240	2460	36cebc0b75ce70768759546d555dc744.exe	28
PID 2460 wrote to memory of 2240	2460	36cebc0b75ce70768759546d555dc744.exe	28

C:\Users\Admin\AppData\Local\Temp\36cebc0b75ce70768759546d555dc744.exe
"C:\Users\Admin\AppData\Local\Temp\36cebc0b75ce70768759546d555dc744.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Users\Admin\AppData\Local\Temp\36cebc0b75ce70768759546d555dc744.exe
  C:\Users\Admin\AppData\Local\Temp\36cebc0b75ce70768759546d555dc744.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\36cebc0b75ce70768759546d555dc744.exe

Filesize
64KB

MD5
82ba41df454011fa4365d53c12f60b8a

SHA1
77795011e36c00199dc67bd0d3705f5d6582101a

SHA256
f4621c25098b9667a1baea1adddd29e47098d019fca23e6a814ad3eb06526d56

SHA512
711ff53f9341c1cd0560a110648a1fc4bf2d2d0f62bfc24af0190b31f1a7dfd99aacd74a6731fb6fdaec578159820bff4de0e28fbe8dbff728b75d6a1ffa85d9

Download Submit
\Users\Admin\AppData\Local\Temp\36cebc0b75ce70768759546d555dc744.exe

Filesize
414KB

MD5
38dead576bbc929758f500747ef98217

SHA1
50a0a37216e04dbd49645ffe496a4f78f0023070

SHA256
afec250bac8c382cf827d3fa9246837d34ba715bd5af69f9591e9f8fd3d0ef07

SHA512
821cca735e47d82a6bcaf1a06e8b6dfbeacda5c163611296e99f1caf0a31bc049ab4debab23c3f5d75df559d385083a6781a89a13b48e8b3535ca00a6fd78674

Download Submit
memory/2240-17-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2240-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2240-22-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2240-24-0x0000000003400000-0x000000000362A000-memory.dmp

Filesize
2.2MB

Download
memory/2240-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2240-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2460-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2460-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2460-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2460-14-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/2460-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2460-31-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download