278f480bbd718882ddd07fd76fa8c721b16e7f726865464d45e893dda2bf7231

Analysis

max time kernel
131s
max time network
281s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04-01-2024 19:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41b8f49b116f6fb73ac2af6da1972fe8.exe
Size

2.9MB
MD5

41b8f49b116f6fb73ac2af6da1972fe8
SHA1

beaa8b890aed4395897641b58957817d36678a36
SHA256

278f480bbd718882ddd07fd76fa8c721b16e7f726865464d45e893dda2bf7231
SHA512

48c036859429a93e32020bbed6c321dfc1838d0ef84e7bc1850b228407b0443a9851bb2df79e27780c6832e09e6e9d684cb1e94a6ea4254404d5c903e52e297a
SSDEEP

49152:NLipDd8AUvTvPGoZdYQ+5FizoX/1N74NH5HUyNRcUsCVOzetdZJ:Ne+Tjz/+5FeoP14HBUCczzM3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
876	41b8f49b116f6fb73ac2af6da1972fe8.exe

Executes dropped EXE 1 IoCs

pid	Process
876	41b8f49b116f6fb73ac2af6da1972fe8.exe

Loads dropped DLL 1 IoCs

pid	Process
1468	41b8f49b116f6fb73ac2af6da1972fe8.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1468-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0004000000004ed7-10.dat	upx
behavioral1/files/0x0004000000004ed7-14.dat	upx
behavioral1/memory/876-15-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1468	41b8f49b116f6fb73ac2af6da1972fe8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1468	41b8f49b116f6fb73ac2af6da1972fe8.exe
876	41b8f49b116f6fb73ac2af6da1972fe8.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 876	1468	41b8f49b116f6fb73ac2af6da1972fe8.exe	27
PID 1468 wrote to memory of 876	1468	41b8f49b116f6fb73ac2af6da1972fe8.exe	27
PID 1468 wrote to memory of 876	1468	41b8f49b116f6fb73ac2af6da1972fe8.exe	27
PID 1468 wrote to memory of 876	1468	41b8f49b116f6fb73ac2af6da1972fe8.exe	27

C:\Users\Admin\AppData\Local\Temp\41b8f49b116f6fb73ac2af6da1972fe8.exe
"C:\Users\Admin\AppData\Local\Temp\41b8f49b116f6fb73ac2af6da1972fe8.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Users\Admin\AppData\Local\Temp\41b8f49b116f6fb73ac2af6da1972fe8.exe
  C:\Users\Admin\AppData\Local\Temp\41b8f49b116f6fb73ac2af6da1972fe8.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\41b8f49b116f6fb73ac2af6da1972fe8.exe

Filesize
1.9MB

MD5
07233e431441c787e5f62b4929f39dc3

SHA1
9e1d462c887ae9b83921f8a6f5bdb8d47bcc595d

SHA256
a7305bdb07ec2e22d0e3ec4cbc1cfa6f53416d7148117728a1a5693535a37d51

SHA512
89ee720557d34a329b75f4f3acce20a2b0494b12f0688f0923c80ed3eb6fb7dab7348b92370aebfbe6d3430dc0202eb2c4da30f0643e30aba6e94b86ebe7eb51

Download Submit
\Users\Admin\AppData\Local\Temp\41b8f49b116f6fb73ac2af6da1972fe8.exe

Filesize
2.9MB

MD5
ca3ab8a21a7a59fb0aa972076ab655de

SHA1
ea59ebe445b80affbb2df4053005244e2f239064

SHA256
231d38acf5da59a9de73ee92c00c07a1b5a79b79019e45db9fd15c32842f6300

SHA512
bd18bec003798c8e994de9e38427a983601ecd68a23098b9ee6f49796b22c6126d49e32e378880db3f9c9dc812c89e52328f581feb7cb2f1dffc880430eda7c0

Download Submit
memory/876-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/876-15-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/876-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/876-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/876-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/876-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1468-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1468-12-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/1468-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1468-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1468-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download