9fa086e864b1ae56d39c482c9b857d5890a767d9fea8084d85831fe3f0f8269f

Analysis

max time kernel
117s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 14:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

395311df100f5e54f134e69e971df2cc.exe
Size

1.5MB
MD5

395311df100f5e54f134e69e971df2cc
SHA1

d9d5cb9e5579030439b879bced13ddd6efc94d62
SHA256

9fa086e864b1ae56d39c482c9b857d5890a767d9fea8084d85831fe3f0f8269f
SHA512

1f01618426e42b3564cc5a55ab610d917dd794959dcaa7583648346860523b170fabde620212c1da375810ca3e3c883045618dad295109eeb842bb39eced2770
SSDEEP

24576:BbYeMWoMMLvDEtL/l2jhduyeFa3eG9wv/QWIe7k6PlIY6VXDBW:CJM8otL/l2aY3t9wQW37k6rmXDB

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2356	395311df100f5e54f134e69e971df2cc.exe

Executes dropped EXE 1 IoCs

pid	Process
2356	395311df100f5e54f134e69e971df2cc.exe

Loads dropped DLL 1 IoCs

pid	Process
1388	395311df100f5e54f134e69e971df2cc.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1388-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000012262-10.dat	upx
behavioral1/files/0x000a000000012262-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1388	395311df100f5e54f134e69e971df2cc.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1388	395311df100f5e54f134e69e971df2cc.exe
2356	395311df100f5e54f134e69e971df2cc.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 2356	1388	395311df100f5e54f134e69e971df2cc.exe	28
PID 1388 wrote to memory of 2356	1388	395311df100f5e54f134e69e971df2cc.exe	28
PID 1388 wrote to memory of 2356	1388	395311df100f5e54f134e69e971df2cc.exe	28
PID 1388 wrote to memory of 2356	1388	395311df100f5e54f134e69e971df2cc.exe	28

C:\Users\Admin\AppData\Local\Temp\395311df100f5e54f134e69e971df2cc.exe
"C:\Users\Admin\AppData\Local\Temp\395311df100f5e54f134e69e971df2cc.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Users\Admin\AppData\Local\Temp\395311df100f5e54f134e69e971df2cc.exe
  C:\Users\Admin\AppData\Local\Temp\395311df100f5e54f134e69e971df2cc.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\395311df100f5e54f134e69e971df2cc.exe

Filesize
399KB

MD5
ac0a6dcb04488582d7b9f2e64fee57a2

SHA1
74b59a0665e3b50fe8d4d6c3dbc53927b6ae1381

SHA256
ed3e1ecf85b672e3ccf3088bf2a8bc8b1c90c23e85a25e067fd04818cc6d6ea6

SHA512
95d07a7182017ed4b72c5fe9c44ad559f131d928dba178b0cbceb78d58cb3dcc042a1c0c173dc7d84a9a78cbda1d0a4af1f2c0167ca47b60ee9ab7651c6d3244

Download Submit
\Users\Admin\AppData\Local\Temp\395311df100f5e54f134e69e971df2cc.exe

Filesize
529KB

MD5
cb0b5874bbb27532b9c09c9bde64b57f

SHA1
a637d3b5818b1c90b267b2b91ac50903c0a6e4b7

SHA256
d613694b5270fa3defe99b4d452dd7078faeba3ec1926e80bd7f1ab1f68250da

SHA512
ade6eb6b8a106190a87d49ff09640241ea84439eca82d609869bf42d5166699b3d6482876fad0774405bf42701e5ca5c5385e159a42e514bea880431c558f71c

Download Submit
memory/1388-2-0x0000000000250000-0x0000000000383000-memory.dmp

Filesize
1.2MB

Download
memory/1388-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1388-14-0x0000000003770000-0x0000000003C5F000-memory.dmp

Filesize
4.9MB

Download
memory/1388-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1388-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2356-19-0x00000000002A0000-0x00000000003D3000-memory.dmp

Filesize
1.2MB

Download
memory/2356-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2356-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2356-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2356-25-0x0000000003530000-0x000000000375A000-memory.dmp

Filesize
2.2MB

Download
memory/2356-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download