9fad4d94c35e5a8f81968c88fdac2409d0064554f245dde3b2348a161b9992fd

Analysis

max time kernel
118s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 17:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3aaa411360934012e1651ecd7cc7b848.exe
Size

1.3MB
MD5

3aaa411360934012e1651ecd7cc7b848
SHA1

538a3b44387afaae3bc00216d181819bf66142b1
SHA256

9fad4d94c35e5a8f81968c88fdac2409d0064554f245dde3b2348a161b9992fd
SHA512

f100e8ad543b87e22f798b9f8f55236b503c64455cc714c60ca01fe231c58f09a637a6859963d2521b5b13676a4c5d3090b46a70684259b5299fc96985dd3da0
SSDEEP

24576:eEf4Nyzpba3W0PA0MHQXQjhT4ZAVSxY6WpmsIKNIXj9KECKJhWc:eW4Gp+3W4A04QQjhT4ZA0xY6WpmTKocY

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2716	3aaa411360934012e1651ecd7cc7b848.exe

Executes dropped EXE 1 IoCs

pid	Process
2716	3aaa411360934012e1651ecd7cc7b848.exe

Loads dropped DLL 1 IoCs

pid	Process
2396	3aaa411360934012e1651ecd7cc7b848.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2396-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c000000012262-14.dat	upx
behavioral1/files/0x000c000000012262-10.dat	upx
behavioral1/memory/2716-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2396	3aaa411360934012e1651ecd7cc7b848.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2396	3aaa411360934012e1651ecd7cc7b848.exe
2716	3aaa411360934012e1651ecd7cc7b848.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 2716	2396	3aaa411360934012e1651ecd7cc7b848.exe	28
PID 2396 wrote to memory of 2716	2396	3aaa411360934012e1651ecd7cc7b848.exe	28
PID 2396 wrote to memory of 2716	2396	3aaa411360934012e1651ecd7cc7b848.exe	28
PID 2396 wrote to memory of 2716	2396	3aaa411360934012e1651ecd7cc7b848.exe	28

C:\Users\Admin\AppData\Local\Temp\3aaa411360934012e1651ecd7cc7b848.exe
"C:\Users\Admin\AppData\Local\Temp\3aaa411360934012e1651ecd7cc7b848.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Users\Admin\AppData\Local\Temp\3aaa411360934012e1651ecd7cc7b848.exe
  C:\Users\Admin\AppData\Local\Temp\3aaa411360934012e1651ecd7cc7b848.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3aaa411360934012e1651ecd7cc7b848.exe

Filesize
217KB

MD5
25189bbff5b56f200756d2d1a06883be

SHA1
36f81b978afc576b232c6bd025de7480c1e36725

SHA256
dda11ae6c8f54921e7594953b623fe822af48998f101a2a25f8782129318ea9e

SHA512
34de69d054ed8415117eefe2d98e5edc794788bb9b72fc6370d19c780e23efc1c80174e73d0c26b48a580fbbb219fbe9342f393e8ad2a6854158fe2544a94289

Download Submit
\Users\Admin\AppData\Local\Temp\3aaa411360934012e1651ecd7cc7b848.exe

Filesize
182KB

MD5
4ba718a63bc033137f9474d8c7975b54

SHA1
0e84463021403ca30855ce744daac512560b1290

SHA256
323cca328bce9823931322d73c74a940a1192f8b3e9aa04017f9a92f5125bb8f

SHA512
067bf021c44f43fc0cf757b2525fad06638329bc6430910b51a119b05fdde9e01bf1453f93905fb0ed6f488828aecb2bfc7402a4d20caaac2a3ecf5bfe20a26a

Download Submit
memory/2396-31-0x00000000034D0000-0x00000000039BF000-memory.dmp

Filesize
4.9MB

Download
memory/2396-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2396-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2396-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2396-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2396-15-0x00000000034D0000-0x00000000039BF000-memory.dmp

Filesize
4.9MB

Download
memory/2716-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2716-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2716-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2716-24-0x0000000003420000-0x000000000364A000-memory.dmp

Filesize
2.2MB

Download
memory/2716-18-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2716-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download