d116d9356b476cf28a5d0ec1abd31b8af494ec500bd4e0d6643f90cc271f44db

Analysis

max time kernel
122s
max time network
267s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 11:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3caf6ab2383376bbcbeb0384ac4337b6.exe
Size

2.7MB
MD5

3caf6ab2383376bbcbeb0384ac4337b6
SHA1

9267953185404b77521cd6412de4cd8a604dca30
SHA256

d116d9356b476cf28a5d0ec1abd31b8af494ec500bd4e0d6643f90cc271f44db
SHA512

ae4b64de26b8c5c905dffcdbe4893a896205eae802125666521d377dca8fa4fcdbca126fd7083901ccc1884b018c69227d36568cd07e5574c782685b064fd3be
SSDEEP

49152:PiJdnudvEoZwbI0VogCq3cFuXxw0ZkwqAU+i+d5EjoqQDvx1cp:qTudvEoZw+icFuhw4LqAUzW5crQDvjcp

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1636	3caf6ab2383376bbcbeb0384ac4337b6.exe

Executes dropped EXE 1 IoCs

pid	Process
1636	3caf6ab2383376bbcbeb0384ac4337b6.exe

Loads dropped DLL 1 IoCs

pid	Process
2736	3caf6ab2383376bbcbeb0384ac4337b6.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2736-3-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0004000000004ed7-10.dat	upx
behavioral1/memory/2736-12-0x0000000003750000-0x0000000003C3F000-memory.dmp	upx
behavioral1/files/0x0004000000004ed7-14.dat	upx
behavioral1/files/0x0004000000004ed7-13.dat	upx
behavioral1/memory/1636-15-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2736	3caf6ab2383376bbcbeb0384ac4337b6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2736	3caf6ab2383376bbcbeb0384ac4337b6.exe
1636	3caf6ab2383376bbcbeb0384ac4337b6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 1636	2736	3caf6ab2383376bbcbeb0384ac4337b6.exe	27
PID 2736 wrote to memory of 1636	2736	3caf6ab2383376bbcbeb0384ac4337b6.exe	27
PID 2736 wrote to memory of 1636	2736	3caf6ab2383376bbcbeb0384ac4337b6.exe	27
PID 2736 wrote to memory of 1636	2736	3caf6ab2383376bbcbeb0384ac4337b6.exe	27

C:\Users\Admin\AppData\Local\Temp\3caf6ab2383376bbcbeb0384ac4337b6.exe
"C:\Users\Admin\AppData\Local\Temp\3caf6ab2383376bbcbeb0384ac4337b6.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Users\Admin\AppData\Local\Temp\3caf6ab2383376bbcbeb0384ac4337b6.exe
  C:\Users\Admin\AppData\Local\Temp\3caf6ab2383376bbcbeb0384ac4337b6.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3caf6ab2383376bbcbeb0384ac4337b6.exe

Filesize
1.4MB

MD5
f46be50b865340a594d69beeef973bd8

SHA1
acb4dc4dff5b2f588952e63cee9bf33033ff22c1

SHA256
ad53e12417cdc69ab5bd2b2ae41c0e84a44f627638def9dc545abbd884293538

SHA512
04b44e4113fa8c59bb0cacbc990e7a3727b927d331fd825944b1aa28f683f2cde7fb7dac04eae4a483481065f42ee6df20105f11906efecb0baee0984b988242

Download Submit
C:\Users\Admin\AppData\Local\Temp\3caf6ab2383376bbcbeb0384ac4337b6.exe

Filesize
1.3MB

MD5
821c418ad05361af561b498865b34632

SHA1
c27087e82cd5f4a41a2bfed0eb6af70fe792f8c7

SHA256
ec18be9790e8ea404435bf0ff1b6f10bb8c5b2e133a05cbfd4f441fa37b5145e

SHA512
b435d79e8ee67a2e93dc21bfbb29a68ef7a1a0641e178cee60c598be5a2a790670e05b4d8b8ecd9664fee701e8ef99144e2bf1e39c04cdbee2cb59888e8d9c9b

Download Submit
\Users\Admin\AppData\Local\Temp\3caf6ab2383376bbcbeb0384ac4337b6.exe

Filesize
1.8MB

MD5
333f60a1a21ca96242fbbbb675935465

SHA1
5805411f5d5f39ad4f946bcd48d7633dc778f549

SHA256
b315771e426d6fde0b6c66b1be9c1d85289c235b1d1295ad8f10f94f49cd3775

SHA512
f72532e013b9f4a4f99adcdaddcb26e52bbf2c86e53904c8a0c6bff3d6da7d73eec39495d05a052d609a460be884f7e3236bf485fdb9ffdada15053d51aae4df

Download Submit
memory/1636-15-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1636-19-0x00000000002C0000-0x00000000003F3000-memory.dmp

Filesize
1.2MB

Download
memory/1636-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1636-24-0x0000000003550000-0x000000000377A000-memory.dmp

Filesize
2.2MB

Download
memory/1636-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1636-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2736-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2736-12-0x0000000003750000-0x0000000003C3F000-memory.dmp

Filesize
4.9MB

Download
memory/2736-5-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2736-3-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2736-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download