548c261c5b54ea1428baf6d1d109f0bcdfe93575d7e3ee2bb8f9f1dfaad52c11

Analysis

max time kernel
122s
max time network
146s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 14:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

399c347a62833e78b259c64e6c2f02fa.exe
Size

1.3MB
MD5

399c347a62833e78b259c64e6c2f02fa
SHA1

df571474a3b1572efe5795525c1fd21babcb9514
SHA256

548c261c5b54ea1428baf6d1d109f0bcdfe93575d7e3ee2bb8f9f1dfaad52c11
SHA512

273d3700df4321c32b5ded4766f2cac292f35ec0122fc2ffbeefc57f21a1fee1d376efd13680dca7a1bec17ef8651694dc8f4215651246e43b9644b533619bd8
SSDEEP

24576:fco5Rj+vBIXIpdcPh48eY0EDmrqCvukaw6DMeNahZ5AlOZgJP7/Wc:0oDIIXidw48etEKXawpCG50rTp

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2988	399c347a62833e78b259c64e6c2f02fa.exe

Executes dropped EXE 1 IoCs

pid	Process
2988	399c347a62833e78b259c64e6c2f02fa.exe

Loads dropped DLL 1 IoCs

pid	Process
1068	399c347a62833e78b259c64e6c2f02fa.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1068-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a0000000135c2-10.dat	upx
behavioral1/files/0x000a0000000135c2-15.dat	upx
behavioral1/memory/2988-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1068	399c347a62833e78b259c64e6c2f02fa.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1068	399c347a62833e78b259c64e6c2f02fa.exe
2988	399c347a62833e78b259c64e6c2f02fa.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1068 wrote to memory of 2988	1068	399c347a62833e78b259c64e6c2f02fa.exe	28
PID 1068 wrote to memory of 2988	1068	399c347a62833e78b259c64e6c2f02fa.exe	28
PID 1068 wrote to memory of 2988	1068	399c347a62833e78b259c64e6c2f02fa.exe	28
PID 1068 wrote to memory of 2988	1068	399c347a62833e78b259c64e6c2f02fa.exe	28

C:\Users\Admin\AppData\Local\Temp\399c347a62833e78b259c64e6c2f02fa.exe
"C:\Users\Admin\AppData\Local\Temp\399c347a62833e78b259c64e6c2f02fa.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1068
- C:\Users\Admin\AppData\Local\Temp\399c347a62833e78b259c64e6c2f02fa.exe
  C:\Users\Admin\AppData\Local\Temp\399c347a62833e78b259c64e6c2f02fa.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\399c347a62833e78b259c64e6c2f02fa.exe

Filesize
286KB

MD5
1fdfa8993dc7513530d678374a8fabb0

SHA1
44b8b4a58745280085fb7d111131b4952fe24987

SHA256
444e00cefb9f2bf117880cda777f443bbfece1415cdce73fb6b3f41fe6eeec5b

SHA512
c4cfcab478fe0c052751b5c7310d021a37c416a2f96c108a00ac0e5b2eac363e857f0e74a8412ea007dc171d8f114f6012dbf26ab4eadabf8914cb35a8f513a4

Download Submit
\Users\Admin\AppData\Local\Temp\399c347a62833e78b259c64e6c2f02fa.exe

Filesize
488KB

MD5
eb2ef14e8b52fb2ca04acc7a7fb3dc0f

SHA1
59c5c650a6eae7929b4c433705604778087d7a80

SHA256
b1130a0549e4cc2dbb7e7a877540279bdd0bba95e594384ba5883f6105213feb

SHA512
8f26322d0dadb12694bb348b3b70946bab1874918541f4207794fc157b4a4966113c1489e5fbf351ae31e32e3f76b773b085dcde56383d79629d32f6fcc3ff28

Download Submit
memory/1068-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1068-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1068-13-0x0000000000770000-0x00000000008D1000-memory.dmp

Filesize
1.4MB

Download
memory/1068-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1068-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1068-14-0x00000000034F0000-0x00000000039DF000-memory.dmp

Filesize
4.9MB

Download
memory/2988-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2988-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2988-20-0x0000000000230000-0x0000000000363000-memory.dmp

Filesize
1.2MB

Download
memory/2988-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2988-25-0x00000000034C0000-0x00000000036EA000-memory.dmp

Filesize
2.2MB

Download
memory/2988-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download