65a77bc66d0cf4c305c38a883a64227d3dfaf7312075ca054ed3023b10bf1996

Analysis

max time kernel
117s
max time network
146s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/01/2024, 21:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f1ae38001fcd469617f98bb262c1e74.exe
Size

1.3MB
MD5

3f1ae38001fcd469617f98bb262c1e74
SHA1

d2992cb0a979f9b5f63abc85d7124d20a2ed677c
SHA256

65a77bc66d0cf4c305c38a883a64227d3dfaf7312075ca054ed3023b10bf1996
SHA512

6f0f75db11138ada7d678ae61d9467fdb4605713fdfcc8d98a3e65260cc1fb673854c2db6d91fe24f08e8a6c180487e80e2e842a0dc67e79fa627d93a437800c
SSDEEP

24576:M9GCIMeDTrcRJ2/710qJGHuJgvnHvXxHMtHsa///Si9ws6y2SU9/9Us:MMC8IIJjJGrXxHMN7P4R9j

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2244	3f1ae38001fcd469617f98bb262c1e74.exe

Executes dropped EXE 1 IoCs

pid	Process
2244	3f1ae38001fcd469617f98bb262c1e74.exe

Loads dropped DLL 1 IoCs

pid	Process
1352	3f1ae38001fcd469617f98bb262c1e74.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1352-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000d0000000122dc-10.dat	upx
behavioral1/files/0x000d0000000122dc-13.dat	upx
behavioral1/memory/2244-17-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1352	3f1ae38001fcd469617f98bb262c1e74.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1352	3f1ae38001fcd469617f98bb262c1e74.exe
2244	3f1ae38001fcd469617f98bb262c1e74.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 2244	1352	3f1ae38001fcd469617f98bb262c1e74.exe	28
PID 1352 wrote to memory of 2244	1352	3f1ae38001fcd469617f98bb262c1e74.exe	28
PID 1352 wrote to memory of 2244	1352	3f1ae38001fcd469617f98bb262c1e74.exe	28
PID 1352 wrote to memory of 2244	1352	3f1ae38001fcd469617f98bb262c1e74.exe	28

C:\Users\Admin\AppData\Local\Temp\3f1ae38001fcd469617f98bb262c1e74.exe
"C:\Users\Admin\AppData\Local\Temp\3f1ae38001fcd469617f98bb262c1e74.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Users\Admin\AppData\Local\Temp\3f1ae38001fcd469617f98bb262c1e74.exe
  C:\Users\Admin\AppData\Local\Temp\3f1ae38001fcd469617f98bb262c1e74.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3f1ae38001fcd469617f98bb262c1e74.exe

Filesize
381KB

MD5
875305eeab3f84a5cfc23993fb099495

SHA1
7d038e9770a81eff3af05a9ccc20262ab6d2991b

SHA256
181c7872776fa78a593681cccb6c48c674bd2b4becf977d53b58ed6e66b625b7

SHA512
6b72d750fddc6a04c4b8f65ee6f0593359d4206ee09b5068201c778d1352a332a15d4e0a753d79f4ef32339cea02a297465a48fdc33ffcfeeec5e69d2eacf050

Download Submit
\Users\Admin\AppData\Local\Temp\3f1ae38001fcd469617f98bb262c1e74.exe

Filesize
65KB

MD5
01ba24277f05ac481a24c5f574e6e6ea

SHA1
0961380b824bb05881e01620c8f75ea856afc278

SHA256
562c93f940555678dd96b02bb30f17d8d0ff0b4164ff909f0dfdbe289e223add

SHA512
988bc07bc6eb66547f5d4bec10b9094331739fc03bb26b2701334f4d0cb06b4c6ef2291187cb3e46f6a9a9739da31c8135c2388b6719822d8b78f82bcda2b756

Download Submit
memory/1352-15-0x00000000035E0000-0x0000000003AC7000-memory.dmp

Filesize
4.9MB

Download
memory/1352-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1352-2-0x00000000002A0000-0x00000000003D1000-memory.dmp

Filesize
1.2MB

Download
memory/1352-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1352-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1352-31-0x00000000035E0000-0x0000000003AC7000-memory.dmp

Filesize
4.9MB

Download
memory/2244-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2244-25-0x0000000003410000-0x0000000003632000-memory.dmp

Filesize
2.1MB

Download
memory/2244-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2244-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2244-19-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/2244-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download