bf3e2432e6ab16f5717134b32cc2b936c1bca00573fcebc995b937648787e70e

Analysis

max time kernel
121s
max time network
146s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04-01-2024 12:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40cfe873754cb1acca2f17ece7571602.exe
Size

5.8MB
MD5

40cfe873754cb1acca2f17ece7571602
SHA1

da4a799919822850cb6f819778fc0a5ba933f1f3
SHA256

bf3e2432e6ab16f5717134b32cc2b936c1bca00573fcebc995b937648787e70e
SHA512

e2d2dc389bb7e959ccd0cffb665b325d9c9468e87ea750c129fac3d820369f8cc5ab8edb0daac73ef8b298df89da99852bf2d28a1f2456781197d989685a4ec8
SSDEEP

98304:JOKyO1C5PStp4HBUCczzM3zEgJSCgkxf0QIbLt6q4HBUCczzM3:JOeC5P9WCX/bqQataWC

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2272	40cfe873754cb1acca2f17ece7571602.exe

Executes dropped EXE 1 IoCs

pid	Process
2272	40cfe873754cb1acca2f17ece7571602.exe

Loads dropped DLL 1 IoCs

pid	Process
2220	40cfe873754cb1acca2f17ece7571602.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2272-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c000000014b4b-15.dat	upx
behavioral1/memory/2220-14-0x0000000003DD0000-0x00000000042BF000-memory.dmp	upx
behavioral1/files/0x000c000000014b4b-10.dat	upx
behavioral1/memory/2220-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2220	40cfe873754cb1acca2f17ece7571602.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2220	40cfe873754cb1acca2f17ece7571602.exe
2272	40cfe873754cb1acca2f17ece7571602.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2272	2220	40cfe873754cb1acca2f17ece7571602.exe	1
PID 2220 wrote to memory of 2272	2220	40cfe873754cb1acca2f17ece7571602.exe	1
PID 2220 wrote to memory of 2272	2220	40cfe873754cb1acca2f17ece7571602.exe	1
PID 2220 wrote to memory of 2272	2220	40cfe873754cb1acca2f17ece7571602.exe	1

C:\Users\Admin\AppData\Local\Temp\40cfe873754cb1acca2f17ece7571602.exe
C:\Users\Admin\AppData\Local\Temp\40cfe873754cb1acca2f17ece7571602.exe
1⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2272

C:\Users\Admin\AppData\Local\Temp\40cfe873754cb1acca2f17ece7571602.exe
"C:\Users\Admin\AppData\Local\Temp\40cfe873754cb1acca2f17ece7571602.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\40cfe873754cb1acca2f17ece7571602.exe

Filesize
1.6MB

MD5
5d587ad30cde5d7d56f4e50039c16123

SHA1
e4efdbf83d697069ab07fbf7ccb6799e30cc96f5

SHA256
29cf70ee89801d5418272c44f222863823225efa99213642b1ec90bb52aca8e5

SHA512
2f2ea39e6f0ccef90e08862662856ab18126e678286f9f2be08155bbb5f6a724c94f210123d91d0d83249a0ffe798d0666427cdbf7836301f869184eeca4f7a8

Download Submit
\Users\Admin\AppData\Local\Temp\40cfe873754cb1acca2f17ece7571602.exe

Filesize
2.2MB

MD5
71805601afc3847cb5b5f5705335b6d8

SHA1
f891d7df96500c39c01d1c6ed32f257171525c28

SHA256
823db7cd63ba75351b0e717e151229741ee06b0bb2bd7b67ec73685c8aead4f9

SHA512
94d0c64fda5ea71939a161af9d3c65f7baa4918770fc0f8b51184b12c9751cb5929710ed3f1ea4ba0e5e0dd78820eb2414b0e3616696229cae4f735ec1be36c7

Download Submit
memory/2220-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2220-14-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/2220-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2220-1-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2220-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2220-31-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/2272-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2272-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2272-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2272-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2272-25-0x00000000035A0000-0x00000000037CA000-memory.dmp

Filesize
2.2MB

Download
memory/2272-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download