ac9f72d1e7eb6ab817a8df4f2831b4f61cf3553191b5f0520aeb91d4725ef6e9

Analysis

max time kernel
118s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 12:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40e8f680ed165297210da70d5cda5e07.exe
Size

11.7MB
MD5

40e8f680ed165297210da70d5cda5e07
SHA1

44209aba6267bbdafd30444c91cca7b41e7af855
SHA256

ac9f72d1e7eb6ab817a8df4f2831b4f61cf3553191b5f0520aeb91d4725ef6e9
SHA512

d0f424c9edacfafa6505379f9d65d38a119ab2df31407b9c401ef39d78a9904985beae377da61cc8737ed360be99483d9e68d8a7c112b3ea3012d1e98c59f709
SSDEEP

196608:OpWGqP3X5Q1gl/iBiPiogl/iBiP35PHy6gUgl/iBiPiogl/iBiP:OpK3JQ12i5o2iwy6gU2i5o2i

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2092	40e8f680ed165297210da70d5cda5e07.exe

Executes dropped EXE 1 IoCs

pid	Process
2092	40e8f680ed165297210da70d5cda5e07.exe

Loads dropped DLL 1 IoCs

pid	Process
1112	40e8f680ed165297210da70d5cda5e07.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1112-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a00000001225e-10.dat	upx
behavioral1/files/0x000a00000001225e-15.dat	upx
behavioral1/memory/2092-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/1112-14-0x0000000004990000-0x0000000004E7F000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1112	40e8f680ed165297210da70d5cda5e07.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1112	40e8f680ed165297210da70d5cda5e07.exe
2092	40e8f680ed165297210da70d5cda5e07.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 2092	1112	40e8f680ed165297210da70d5cda5e07.exe	28
PID 1112 wrote to memory of 2092	1112	40e8f680ed165297210da70d5cda5e07.exe	28
PID 1112 wrote to memory of 2092	1112	40e8f680ed165297210da70d5cda5e07.exe	28
PID 1112 wrote to memory of 2092	1112	40e8f680ed165297210da70d5cda5e07.exe	28

C:\Users\Admin\AppData\Local\Temp\40e8f680ed165297210da70d5cda5e07.exe
"C:\Users\Admin\AppData\Local\Temp\40e8f680ed165297210da70d5cda5e07.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Users\Admin\AppData\Local\Temp\40e8f680ed165297210da70d5cda5e07.exe
  C:\Users\Admin\AppData\Local\Temp\40e8f680ed165297210da70d5cda5e07.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\40e8f680ed165297210da70d5cda5e07.exe

Filesize
1.6MB

MD5
d874bcfc23a96cc3e168be11abe220d9

SHA1
f222d1c90173ca9b5fb45b6a8850611b20c6f493

SHA256
cd11b2a8c8d40c91b08090242e144fb1066ad0bfc34d5ca8480085c64ed77fde

SHA512
08e43ada37e1add7185df0f2fe533d5874ff83c8f0a07fcc2a1241b5754fa326345fdde6f9324ec5efd8fe32893610052265e8a4db5b35374de9efb653d85918

Download Submit
\Users\Admin\AppData\Local\Temp\40e8f680ed165297210da70d5cda5e07.exe

Filesize
1.4MB

MD5
4fae9687fa6b410a92abe73ad19b114a

SHA1
3cd18b58b0b7843c87b2eb7cdf5762b10ec2b665

SHA256
8a12acf0ffeac019079e0a9b10cdb03db8e8a25a4558c08d9a290b994bfdf89a

SHA512
59db3bd651f084145f03084fa725b1a0b0c68a3232f7bc71e02179b8f3bf1940f4e462037da065695b3d98bdb690aa663a32f7f03132e2320aaf501c997c63ea

Download Submit
memory/1112-14-0x0000000004990000-0x0000000004E7F000-memory.dmp

Filesize
4.9MB

Download
memory/1112-1-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1112-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1112-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1112-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2092-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2092-17-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2092-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2092-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2092-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2092-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download