c0428607ed9de91b77fe6d9d259d9e0599ee921a7d56c23d83eaf149e18bb9f4

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 22:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

421d2f54a2e9ba8c2c78eaaefed6d1c9.exe
Size

5.8MB
MD5

421d2f54a2e9ba8c2c78eaaefed6d1c9
SHA1

9a58bc71edf496497789d0a16a0a029cfe7d7741
SHA256

c0428607ed9de91b77fe6d9d259d9e0599ee921a7d56c23d83eaf149e18bb9f4
SHA512

1b442f43efc94773591896fa0fd709bd5a0e9165b15f7d388d916c2a69a7c516f3c7ede4b119c57e3195d1719b81ef52bf8f76ee6e727af6d9c175ac059cc23e
SSDEEP

98304:UIySiUWE59roEWrHjKX+Ql1F0qeE70GdC94crrVXq5SDVTjKX+Ql1F0qeE70:aMfrrovrDK7dDdC9rr9qYBnK7d

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3048	421d2f54a2e9ba8c2c78eaaefed6d1c9.exe

Executes dropped EXE 1 IoCs

pid	Process
3048	421d2f54a2e9ba8c2c78eaaefed6d1c9.exe

Loads dropped DLL 1 IoCs

pid	Process
3004	421d2f54a2e9ba8c2c78eaaefed6d1c9.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3004-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b00000001224d-13.dat	upx
behavioral1/memory/3048-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b00000001224d-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3004	421d2f54a2e9ba8c2c78eaaefed6d1c9.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3004	421d2f54a2e9ba8c2c78eaaefed6d1c9.exe
3048	421d2f54a2e9ba8c2c78eaaefed6d1c9.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 3048	3004	421d2f54a2e9ba8c2c78eaaefed6d1c9.exe	28
PID 3004 wrote to memory of 3048	3004	421d2f54a2e9ba8c2c78eaaefed6d1c9.exe	28
PID 3004 wrote to memory of 3048	3004	421d2f54a2e9ba8c2c78eaaefed6d1c9.exe	28
PID 3004 wrote to memory of 3048	3004	421d2f54a2e9ba8c2c78eaaefed6d1c9.exe	28

C:\Users\Admin\AppData\Local\Temp\421d2f54a2e9ba8c2c78eaaefed6d1c9.exe
"C:\Users\Admin\AppData\Local\Temp\421d2f54a2e9ba8c2c78eaaefed6d1c9.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Users\Admin\AppData\Local\Temp\421d2f54a2e9ba8c2c78eaaefed6d1c9.exe
  C:\Users\Admin\AppData\Local\Temp\421d2f54a2e9ba8c2c78eaaefed6d1c9.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\421d2f54a2e9ba8c2c78eaaefed6d1c9.exe

Filesize
190KB

MD5
528215efb65d75cf0a7b0fa695f9404d

SHA1
490542738216ce584ed24be72f646330c3bbe101

SHA256
07f84887d817e0ba15a420885e89db9f0b83d68bb7577008af4c80c15a3ae2be

SHA512
d5a15334a47c09c27b055245c652db0f311ab01905d60cf49dbd1b15c342bd7c0987a32eb755377422243487ac5515c92fe3369762e754b3941665adbed796c6

Download Submit
\Users\Admin\AppData\Local\Temp\421d2f54a2e9ba8c2c78eaaefed6d1c9.exe

Filesize
267KB

MD5
fa38ccb67526357cad2ceba04f3d9574

SHA1
a0e2ac503a7538e69931ac1affd09d9239ac5748

SHA256
09d9347ac2e2ae2cf594b5e3fad67260a1987e3d90db245127ac63fae485ea7b

SHA512
b41d4a1064cdb526211fc5078f82ccab7d5603ecec5f0b1b8e6ec6e0cee3dc74d03ef2835ba770220df94e025bcd9c92cc88347d023d8cd729793c6fe8f51dfe

Download Submit
memory/3004-15-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/3004-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3004-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3004-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/3004-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3004-31-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/3048-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3048-19-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/3048-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3048-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3048-25-0x0000000003420000-0x000000000364A000-memory.dmp

Filesize
2.2MB

Download
memory/3048-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download