a20c35bf21d199de38ad42b0ced6ec7dcc8f64535e208aeabd65e4412a1738c2

Analysis

max time kernel
119s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 14:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

39ad70e8b2c37b1c0c26da54080486d4.exe
Size

2.9MB
MD5

39ad70e8b2c37b1c0c26da54080486d4
SHA1

e37ecf62c30d2850168fc2cad2e8a1ff92e97ee4
SHA256

a20c35bf21d199de38ad42b0ced6ec7dcc8f64535e208aeabd65e4412a1738c2
SHA512

d98c62ce6bcf19560241b254d079d215bdb8bc71ec17bc3d65a6d903e5710caddad531376fba4601b21ee8144544ecfeb2e7ccd36815d1d41c3149fdc64c690e
SSDEEP

49152:CV2JN3P816bA50JDyQeCUmGgvSC2jqOvvfpg6Uleioo7vR2N7c7Tf:nJRP8+Y0JeZCTLDTOxQlGw7T

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1972	39ad70e8b2c37b1c0c26da54080486d4.exe

Executes dropped EXE 1 IoCs

pid	Process
1972	39ad70e8b2c37b1c0c26da54080486d4.exe

Loads dropped DLL 1 IoCs

pid	Process
1996	39ad70e8b2c37b1c0c26da54080486d4.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1996-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000d000000012301-15.dat	upx
behavioral1/memory/1972-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000d000000012301-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1996	39ad70e8b2c37b1c0c26da54080486d4.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1996	39ad70e8b2c37b1c0c26da54080486d4.exe
1972	39ad70e8b2c37b1c0c26da54080486d4.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 1972	1996	39ad70e8b2c37b1c0c26da54080486d4.exe	28
PID 1996 wrote to memory of 1972	1996	39ad70e8b2c37b1c0c26da54080486d4.exe	28
PID 1996 wrote to memory of 1972	1996	39ad70e8b2c37b1c0c26da54080486d4.exe	28
PID 1996 wrote to memory of 1972	1996	39ad70e8b2c37b1c0c26da54080486d4.exe	28

C:\Users\Admin\AppData\Local\Temp\39ad70e8b2c37b1c0c26da54080486d4.exe
"C:\Users\Admin\AppData\Local\Temp\39ad70e8b2c37b1c0c26da54080486d4.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Users\Admin\AppData\Local\Temp\39ad70e8b2c37b1c0c26da54080486d4.exe
  C:\Users\Admin\AppData\Local\Temp\39ad70e8b2c37b1c0c26da54080486d4.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\39ad70e8b2c37b1c0c26da54080486d4.exe

Filesize
133KB

MD5
08690736e582d9695c906fb54ea90645

SHA1
a83cc2ae279c6453139714cbf7f97c7a00fd1632

SHA256
58a39ceb94ae7d0188aafaeaca1168b174db5b57a411af8335d06e8b856db0e0

SHA512
9a2b40dff7ac7b5b9941aa37048166583b4d811f8b8da011a8dfa99ee5919198c0ca19bb8e8dfc239508ca58bbc8a951dd8ddd77f68ec3aff9e68014adb85dd3

Download Submit
\Users\Admin\AppData\Local\Temp\39ad70e8b2c37b1c0c26da54080486d4.exe

Filesize
225KB

MD5
aa460d892b8665190564cd8e636828b5

SHA1
beb67447e2b708b7187adf5c2949403c328b7b2f

SHA256
d095c2f4445aac9939a06491f2694e233913ac73e1754fd7f5927b9e94ed521e

SHA512
1fba8441ac4ba9466d3aba9a6cc366b61ce273fe028cd5fb29e477ef8b777b113ba8a979b0c30466b92b10d57aa85d2dbffca9aa00024162d312bcc8f6bc840a

Download Submit
memory/1972-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1972-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1972-20-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1972-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1972-25-0x0000000003570000-0x000000000379A000-memory.dmp

Filesize
2.2MB

Download
memory/1972-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1996-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1996-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1996-13-0x00000000038D0000-0x0000000003DBF000-memory.dmp

Filesize
4.9MB

Download
memory/1996-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1996-2-0x0000000000260000-0x0000000000393000-memory.dmp

Filesize
1.2MB

Download
memory/1996-31-0x00000000038D0000-0x0000000003DBF000-memory.dmp

Filesize
4.9MB

Download