ec36169e6d0c446b5b8d5171b54f338d8050f84d8b78dad03f26de33ad3a4a71

Analysis

max time kernel
120s
max time network
162s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 19:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ae9af65b00bb338d20b7b2337c6c320.exe
Size

2.9MB
MD5

3ae9af65b00bb338d20b7b2337c6c320
SHA1

15a108be320541d13544b77fbe6736e4461276f0
SHA256

ec36169e6d0c446b5b8d5171b54f338d8050f84d8b78dad03f26de33ad3a4a71
SHA512

100f694d6536d875f1086f5e8c7ac34b16c11dda8a1d06f2c1cfd67aed1999fe8caca0c08c39a2c45ab0fd78945f1782e068a198db2a8ba611cfe725d9780261
SSDEEP

49152:vJ+PIxLJyGWEdJXy5xC1ukf/T/d6Lf9zrJlQMur0Vd0cIT3AH:h+PIxiz5xC15Tdkf9RlM4633q

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2844	3ae9af65b00bb338d20b7b2337c6c320.exe

Executes dropped EXE 1 IoCs

pid	Process
2844	3ae9af65b00bb338d20b7b2337c6c320.exe

Loads dropped DLL 1 IoCs

pid	Process
2680	3ae9af65b00bb338d20b7b2337c6c320.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2680-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0008000000012270-10.dat	upx
behavioral1/files/0x0008000000012270-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2680	3ae9af65b00bb338d20b7b2337c6c320.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2680	3ae9af65b00bb338d20b7b2337c6c320.exe
2844	3ae9af65b00bb338d20b7b2337c6c320.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2680 wrote to memory of 2844	2680	3ae9af65b00bb338d20b7b2337c6c320.exe	27
PID 2680 wrote to memory of 2844	2680	3ae9af65b00bb338d20b7b2337c6c320.exe	27
PID 2680 wrote to memory of 2844	2680	3ae9af65b00bb338d20b7b2337c6c320.exe	27
PID 2680 wrote to memory of 2844	2680	3ae9af65b00bb338d20b7b2337c6c320.exe	27

C:\Users\Admin\AppData\Local\Temp\3ae9af65b00bb338d20b7b2337c6c320.exe
"C:\Users\Admin\AppData\Local\Temp\3ae9af65b00bb338d20b7b2337c6c320.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2680
- C:\Users\Admin\AppData\Local\Temp\3ae9af65b00bb338d20b7b2337c6c320.exe
  C:\Users\Admin\AppData\Local\Temp\3ae9af65b00bb338d20b7b2337c6c320.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3ae9af65b00bb338d20b7b2337c6c320.exe

Filesize
320KB

MD5
6e39538ecb47e0215d395a99e0ec10cd

SHA1
cceffbd68d8d9af078eb8e93344f1c93e2d983a3

SHA256
b0279455c8348195c261d28bb8bfe6adcf5e5c4cf1db31bf8c693494d0a710de

SHA512
0920d249948a84603b1edbcb75e165d34a5dfb0779d5393ad66aa5ad4b7622256b6fd6a0867d7bdf600c4105835d479e1f11199e0af606d8d3d5342695298f07

Download Submit
\Users\Admin\AppData\Local\Temp\3ae9af65b00bb338d20b7b2337c6c320.exe

Filesize
38KB

MD5
673f1f714cd8c377b4da8856d6cc514c

SHA1
2becdaa0e098260f702aab013d20adaa4a54ed80

SHA256
f960c1eece03b8554de89b0fa80ba82599c49ab03bf4bddca29c5c4316f4a9e7

SHA512
266eec7d45105566592ce89c8af67d3384b4e6be08a91ae7fabf03f937d6b07a4c9f1418622b1e754ac20f4eb0ef7fce4af223b726ca68510b158b43694e78a5

Download Submit
memory/2680-16-0x00000000036B0000-0x0000000003B9F000-memory.dmp

Filesize
4.9MB

Download
memory/2680-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2680-2-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/2680-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2680-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2844-19-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2844-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2844-22-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2844-25-0x0000000003560000-0x000000000378A000-memory.dmp

Filesize
2.2MB

Download
memory/2844-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2844-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download