2145db71dae9cdf49663188229e6dec924f658b0d68643bca1e097696d0fec18

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-01-2024 21:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3dfb1abf97a6a7590cc68626454d68f9.exe
Size

2.7MB
MD5

3dfb1abf97a6a7590cc68626454d68f9
SHA1

42af0e90dfe04edcc8ebae468f42074559d43cab
SHA256

2145db71dae9cdf49663188229e6dec924f658b0d68643bca1e097696d0fec18
SHA512

e26c58971af4547f39cd3ee36e151748ba53d7bc334909e75ec63cf24799c46b7c4b3bd2ed0b92dd93ef8e3a4818b715df82f7af95e9e209bc70dd9fee17fb7c
SSDEEP

49152:4NipghzlOSMAJEmx6+2nojR9njmrYlw03Kpx2lkfZR9j:4NF/kA2y6+2AHSUypZRHj

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2772	3dfb1abf97a6a7590cc68626454d68f9.exe

Executes dropped EXE 1 IoCs

pid	Process
2772	3dfb1abf97a6a7590cc68626454d68f9.exe

Loads dropped DLL 1 IoCs

pid	Process
2200	3dfb1abf97a6a7590cc68626454d68f9.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2200-1-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000c000000012263-10.dat	upx
behavioral1/files/0x000c000000012263-12.dat	upx
behavioral1/files/0x000c000000012263-15.dat	upx
behavioral1/memory/2772-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2200	3dfb1abf97a6a7590cc68626454d68f9.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2200	3dfb1abf97a6a7590cc68626454d68f9.exe
2772	3dfb1abf97a6a7590cc68626454d68f9.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 2772	2200	3dfb1abf97a6a7590cc68626454d68f9.exe	28
PID 2200 wrote to memory of 2772	2200	3dfb1abf97a6a7590cc68626454d68f9.exe	28
PID 2200 wrote to memory of 2772	2200	3dfb1abf97a6a7590cc68626454d68f9.exe	28
PID 2200 wrote to memory of 2772	2200	3dfb1abf97a6a7590cc68626454d68f9.exe	28

C:\Users\Admin\AppData\Local\Temp\3dfb1abf97a6a7590cc68626454d68f9.exe
"C:\Users\Admin\AppData\Local\Temp\3dfb1abf97a6a7590cc68626454d68f9.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Users\Admin\AppData\Local\Temp\3dfb1abf97a6a7590cc68626454d68f9.exe
  C:\Users\Admin\AppData\Local\Temp\3dfb1abf97a6a7590cc68626454d68f9.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3dfb1abf97a6a7590cc68626454d68f9.exe

Filesize
376KB

MD5
63536d34fafc7eec2ed1e9050b7a1d25

SHA1
080eeb511b7afdb96415210ceb7e6746af193ffa

SHA256
eba379e424395f1a31e0855b3f9848e32d66f0ef930311be647ebba95590955d

SHA512
e5d2d8d0b6b0a99d85ca0d3bf924ed61cb39e663277bfbb8609a29e5f3eda5a32232bea30a7f7091892b1b53641754e10f78f25a305133238583d19a2a5fa918

Download Submit
C:\Users\Admin\AppData\Local\Temp\3dfb1abf97a6a7590cc68626454d68f9.exe

Filesize
64KB

MD5
092c3d9b0e98e85047cdc3af8b86a12b

SHA1
d5773901be81c3d252ad40e1986a4b3d0cb08a3c

SHA256
98f26d71046acbc1e62c537ff123480dcf41476d1b91a57b3d6e3c562153e7a1

SHA512
295b10ad60fa688a2d2bfaded158a6e308a3db9ed9859c0e312bf7499c5e073d8ab359fd4e6f7a884c5629980ab1ac97a26fa3d64af07a179bf8b473edfa43e9

Download Submit
\Users\Admin\AppData\Local\Temp\3dfb1abf97a6a7590cc68626454d68f9.exe

Filesize
152KB

MD5
e2d76ba2ef90eb81af45a8ddbc6b28af

SHA1
2ecc1ad6f705423ad894409f73649dc9a7301885

SHA256
bbdb8716c38a3e81c927d04b72dee1e51069357921e9f4fe4c24c1a3d927f3ac

SHA512
2b1f5f0cd397619e3042c51cc039cb30d7704af7caa14ef6205779c1f020351db40d3c8930ddb553cd9215cbce9fc2f3ba24e15abb60fc8cf4b9673fb24f733f

Download Submit
memory/2200-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2200-3-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2200-0-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2200-1-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2200-14-0x0000000003760000-0x0000000003C47000-memory.dmp

Filesize
4.9MB

Download
memory/2200-31-0x0000000003760000-0x0000000003C47000-memory.dmp

Filesize
4.9MB

Download
memory/2772-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2772-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2772-18-0x0000000000290000-0x00000000003C1000-memory.dmp

Filesize
1.2MB

Download
memory/2772-24-0x0000000003690000-0x00000000038B2000-memory.dmp

Filesize
2.1MB

Download
memory/2772-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2772-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download