5f38b06518d29da86fd4fc01d91a7731e935eae957a143ae279c93fc63d8684d

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
02-01-2024 16:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e6afaa2557892e89e2d17708c1594a5.exe
Size

1.3MB
MD5

3e6afaa2557892e89e2d17708c1594a5
SHA1

3fa710d1ed3a77168bb90d8120c614a216f16ac4
SHA256

5f38b06518d29da86fd4fc01d91a7731e935eae957a143ae279c93fc63d8684d
SHA512

29d720d5f7d9cf28925026555259b98452afc88dda4541ba501ae851e7f694d722ed9af5223a790a83e2b2ae0d32d2776ed062ff8199234bf233ec007d2d757a
SSDEEP

24576:1vYIS8XVpb0MGz4jZzgoq3zpkIrXX8iiU8wY6vYSQpGdpbCvG:1vYLaj0XyNgqIrVpVQS+Gdp

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3020	3e6afaa2557892e89e2d17708c1594a5.exe

Executes dropped EXE 1 IoCs

pid	Process
3020	3e6afaa2557892e89e2d17708c1594a5.exe

Loads dropped DLL 1 IoCs

pid	Process
3004	3e6afaa2557892e89e2d17708c1594a5.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3004-1-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000b00000000e610-13.dat	upx
behavioral1/files/0x000b00000000e610-15.dat	upx
behavioral1/files/0x000b00000000e610-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3004	3e6afaa2557892e89e2d17708c1594a5.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3004	3e6afaa2557892e89e2d17708c1594a5.exe
3020	3e6afaa2557892e89e2d17708c1594a5.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 3020	3004	3e6afaa2557892e89e2d17708c1594a5.exe	28
PID 3004 wrote to memory of 3020	3004	3e6afaa2557892e89e2d17708c1594a5.exe	28
PID 3004 wrote to memory of 3020	3004	3e6afaa2557892e89e2d17708c1594a5.exe	28
PID 3004 wrote to memory of 3020	3004	3e6afaa2557892e89e2d17708c1594a5.exe	28

C:\Users\Admin\AppData\Local\Temp\3e6afaa2557892e89e2d17708c1594a5.exe
"C:\Users\Admin\AppData\Local\Temp\3e6afaa2557892e89e2d17708c1594a5.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Users\Admin\AppData\Local\Temp\3e6afaa2557892e89e2d17708c1594a5.exe
  C:\Users\Admin\AppData\Local\Temp\3e6afaa2557892e89e2d17708c1594a5.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3e6afaa2557892e89e2d17708c1594a5.exe

Filesize
770KB

MD5
f7543a1db5daa5d16d7224c56dd76384

SHA1
bbed87ea656ac5f2742a214ce5b02dc4d59bc716

SHA256
1fa42320f68bc47d41a17ba13bd7236090fb137b5f6961a74593dbd7d05cf704

SHA512
d495d8c28f36eb9ca1ca50862cd2a3d9d2b7a3b33f6787a2f999b29369bc9f4b8efa47658cde33562348f3b09f2ed51f66652c6c54757adfb98e1ebfad7954db

Download Submit
C:\Users\Admin\AppData\Local\Temp\3e6afaa2557892e89e2d17708c1594a5.exe

Filesize
381KB

MD5
5f708acf7492cf660e73a49286636e1a

SHA1
6f8885f25446a9c3fdc4b5192a78968ddf3ff735

SHA256
aed47f51b3704ad450c4e3f506c7e0499970567c059a8297d82ed651845b821f

SHA512
7bba8e8f2d56fdeffe47a43a7fad3aa9c7a849ffd73dda22ada3b4beaddea4d81d5c862e863b0898e81174084bfe2c9758d83d7da6f3078939089a6553736833

Download Submit
\Users\Admin\AppData\Local\Temp\3e6afaa2557892e89e2d17708c1594a5.exe

Filesize
896KB

MD5
98bef4395d6a6dd86632a91577c5f8fe

SHA1
9ec1a19ee49a9c7c7cf4c161013558810ef2339c

SHA256
a8ccf0bb3648ea5fca491f6af0b12dbd591af23fb4c915de9a0058ae1fc2d6bd

SHA512
d5f31990726b77782feabb9bf03254b3780924500a0736c305e09cb75afcc2312c39b0525a89c7375dface0c037b267807e838d4d658370586086772b35d10e8

Download Submit
memory/3004-16-0x0000000003540000-0x00000000039AA000-memory.dmp

Filesize
4.4MB

Download
memory/3004-14-0x0000000000700000-0x0000000000861000-memory.dmp

Filesize
1.4MB

Download
memory/3004-18-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/3004-0-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/3004-3-0x0000000000290000-0x00000000003A2000-memory.dmp

Filesize
1.1MB

Download
memory/3004-1-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/3020-22-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/3020-19-0x0000000000130000-0x0000000000242000-memory.dmp

Filesize
1.1MB

Download
memory/3020-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/3020-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download