ad717cbc92dba90d38aba4967430001633920e8ec6f3e55e2eaf82e00b415081

Analysis

max time kernel
123s
max time network
201s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 14:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a01d27b192b15151b61851a338bedd9.exe
Size

5.3MB
MD5

3a01d27b192b15151b61851a338bedd9
SHA1

c424eb34473abce9db6831c2d06aa54d370a3054
SHA256

ad717cbc92dba90d38aba4967430001633920e8ec6f3e55e2eaf82e00b415081
SHA512

a7622c9e0d3d8f0f96ed2e2ccd5b0d650a8f7d206b68916d013793d51e2a3fabd595470bab12daa2dd4af138bca7c78f30cfabc1106dc3133e7f558975c55533
SSDEEP

98304:YXW7+ksL6TNjb7W/FjEFzw9oPdCGAQOd7IwgyhFjEFzw9oP:yWM6TNvuFIFEWCG+KyFIFE

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1508	3a01d27b192b15151b61851a338bedd9.exe

Executes dropped EXE 1 IoCs

pid	Process
1508	3a01d27b192b15151b61851a338bedd9.exe

Loads dropped DLL 1 IoCs

pid	Process
2956	3a01d27b192b15151b61851a338bedd9.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2956-1-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x001000000000b1f5-11.dat	upx
behavioral1/files/0x001000000000b1f5-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2956	3a01d27b192b15151b61851a338bedd9.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2956	3a01d27b192b15151b61851a338bedd9.exe
1508	3a01d27b192b15151b61851a338bedd9.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 1508	2956	3a01d27b192b15151b61851a338bedd9.exe	29
PID 2956 wrote to memory of 1508	2956	3a01d27b192b15151b61851a338bedd9.exe	29
PID 2956 wrote to memory of 1508	2956	3a01d27b192b15151b61851a338bedd9.exe	29
PID 2956 wrote to memory of 1508	2956	3a01d27b192b15151b61851a338bedd9.exe	29

C:\Users\Admin\AppData\Local\Temp\3a01d27b192b15151b61851a338bedd9.exe
"C:\Users\Admin\AppData\Local\Temp\3a01d27b192b15151b61851a338bedd9.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Users\Admin\AppData\Local\Temp\3a01d27b192b15151b61851a338bedd9.exe
  C:\Users\Admin\AppData\Local\Temp\3a01d27b192b15151b61851a338bedd9.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3a01d27b192b15151b61851a338bedd9.exe

Filesize
563KB

MD5
c310bc1236f39c1abddb1dfe9ee692e4

SHA1
7929797200e03c105dc28dd14eb2ef7f39aef20e

SHA256
3effe7fdafd0f11b850e3f547b8a63e3f42746a18d670959e6d4ab7a0aaf1564

SHA512
4c1c886a7414d5287bed2568550de4268dfffefa4a3946acb701b12eb41871fc0a7fedfc1bb3df43bf02b54881264bc79a3064be38515cfa6585be214d34cf74

Download Submit
\Users\Admin\AppData\Local\Temp\3a01d27b192b15151b61851a338bedd9.exe

Filesize
496KB

MD5
75ee2cb57b38ff6a05ec33eb6b42569e

SHA1
cbc70005204da049734204f456224761dc187b71

SHA256
66cf7dfe72d05b9497a875656504ea9e3b3a37df2166e8186f8e79526fec2be6

SHA512
c00fabd300776cea89f41e1c5e9e366c765cbbca43c3d07e808be2d539ccb4b6d0df6f052ec86275cec62e3bd77dd5d64fb2ef64ef0ea8db32576feaba756608

Download Submit
memory/1508-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1508-16-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1508-18-0x0000000000270000-0x0000000000382000-memory.dmp

Filesize
1.1MB

Download
memory/1508-25-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2956-1-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2956-0-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2956-3-0x00000000002B0000-0x00000000003C2000-memory.dmp

Filesize
1.1MB

Download
memory/2956-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download