49e7877d49d90e7ce2eca370c69fde5f9ddcd685e3ae91e877ccd7ad57f2fead

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03-01-2024 23:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f473d975070f4d441bc8e3e36fe04fc.exe
Size

2.9MB
MD5

3f473d975070f4d441bc8e3e36fe04fc
SHA1

399493649b9093306335b7041f434950131eac1d
SHA256

49e7877d49d90e7ce2eca370c69fde5f9ddcd685e3ae91e877ccd7ad57f2fead
SHA512

0932e309635de54998528fe70edd38886b8ab0b810d21e69a35d68b16a1ef8a395e697ee552352435024cd6c12005f20748b215125494da8a0a319b06d54c913
SSDEEP

49152:hxybpjyzBRi5Po2E1+gD5EBP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:hAljcRYpEsgFEBgg3gnl/IVUs1jePs

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2668	3f473d975070f4d441bc8e3e36fe04fc.exe

Executes dropped EXE 1 IoCs

pid	Process
2668	3f473d975070f4d441bc8e3e36fe04fc.exe

Loads dropped DLL 1 IoCs

pid	Process
760	3f473d975070f4d441bc8e3e36fe04fc.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/760-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000012022-10.dat	upx
behavioral1/files/0x000a000000012022-13.dat	upx
behavioral1/memory/760-15-0x0000000003910000-0x0000000003DFF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
760	3f473d975070f4d441bc8e3e36fe04fc.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
760	3f473d975070f4d441bc8e3e36fe04fc.exe
2668	3f473d975070f4d441bc8e3e36fe04fc.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 760 wrote to memory of 2668	760	3f473d975070f4d441bc8e3e36fe04fc.exe	28
PID 760 wrote to memory of 2668	760	3f473d975070f4d441bc8e3e36fe04fc.exe	28
PID 760 wrote to memory of 2668	760	3f473d975070f4d441bc8e3e36fe04fc.exe	28
PID 760 wrote to memory of 2668	760	3f473d975070f4d441bc8e3e36fe04fc.exe	28

C:\Users\Admin\AppData\Local\Temp\3f473d975070f4d441bc8e3e36fe04fc.exe
"C:\Users\Admin\AppData\Local\Temp\3f473d975070f4d441bc8e3e36fe04fc.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:760
- C:\Users\Admin\AppData\Local\Temp\3f473d975070f4d441bc8e3e36fe04fc.exe
  C:\Users\Admin\AppData\Local\Temp\3f473d975070f4d441bc8e3e36fe04fc.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3f473d975070f4d441bc8e3e36fe04fc.exe

Filesize
2.9MB

MD5
b4122f118608f93c6f7df250182cbc33

SHA1
1999a0941ee2321a4f60feb1e29637a1cf8f47d5

SHA256
087819323ebbab25f30538623bbe808017e0b39d65e787446fc1d9a4c002de8f

SHA512
92bd0e1780629b4f8e9c16b015be03cbf9d04aa8221bc9f0df25442dfa4c4e2bf740fc8c1424d34d93c8f44c77262ba99a1522dcfa9a0a81bb51436774f862e3

Download Submit
\Users\Admin\AppData\Local\Temp\3f473d975070f4d441bc8e3e36fe04fc.exe

Filesize
1.9MB

MD5
9b89ca8acb289b9d365e47847f2ee057

SHA1
d1dfc70fc94dd5714d560b9be0321cbab4ce5514

SHA256
a3716c0c829be1d601031e86a1b61fcb3d322de92537f3337519abfb4fb89c40

SHA512
8a80919ac14d1acecb16835ce81ea7ab5fe6d6ae61b00f8362d470f5155d4c13e02b9a7c6336601f0fc9265cc7b2e38a18c186c095cd6bae50e810c3ba26e143

Download Submit
memory/760-15-0x0000000003910000-0x0000000003DFF000-memory.dmp

Filesize
4.9MB

Download
memory/760-2-0x00000000002A0000-0x00000000003D3000-memory.dmp

Filesize
1.2MB

Download
memory/760-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/760-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/760-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/760-31-0x0000000003910000-0x0000000003DFF000-memory.dmp

Filesize
4.9MB

Download
memory/2668-17-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2668-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2668-20-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2668-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2668-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2668-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download