e44f5026c931cd60087d943f52a6f2f88a6a0a224dad2ecfffdbdd017b4c4489

Analysis

max time kernel
122s
max time network
146s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 20:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41cafb2243de36687d783137f3324f64.exe
Size

1.5MB
MD5

41cafb2243de36687d783137f3324f64
SHA1

f298ae4cdaffa491182d1f2bd7cf43666da2ee52
SHA256

e44f5026c931cd60087d943f52a6f2f88a6a0a224dad2ecfffdbdd017b4c4489
SHA512

7d379b86d3820296528699b51db473dbdf0388e92f1412482255a3c619affd1d8eca770cee6fb52a4f545ee4022b6d0d2c5bc3400f118cacfcba768becc7188a
SSDEEP

24576:oS0YdMLVvQL87v5KSreuhfg7ONFfuUd12HUL/A+1MIXyHKheY2cW:MYSxQL87B7ThC2zd1cUM4MIlx

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2348	41cafb2243de36687d783137f3324f64.exe

Executes dropped EXE 1 IoCs

pid	Process
2348	41cafb2243de36687d783137f3324f64.exe

Loads dropped DLL 1 IoCs

pid	Process
1636	41cafb2243de36687d783137f3324f64.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1636-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000d00000001272c-10.dat	upx
behavioral1/memory/1636-14-0x0000000003510000-0x00000000039FF000-memory.dmp	upx
behavioral1/files/0x000d00000001272c-13.dat	upx
behavioral1/memory/2348-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1636	41cafb2243de36687d783137f3324f64.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1636	41cafb2243de36687d783137f3324f64.exe
2348	41cafb2243de36687d783137f3324f64.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2348	1636	41cafb2243de36687d783137f3324f64.exe	28
PID 1636 wrote to memory of 2348	1636	41cafb2243de36687d783137f3324f64.exe	28
PID 1636 wrote to memory of 2348	1636	41cafb2243de36687d783137f3324f64.exe	28
PID 1636 wrote to memory of 2348	1636	41cafb2243de36687d783137f3324f64.exe	28

C:\Users\Admin\AppData\Local\Temp\41cafb2243de36687d783137f3324f64.exe
"C:\Users\Admin\AppData\Local\Temp\41cafb2243de36687d783137f3324f64.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Users\Admin\AppData\Local\Temp\41cafb2243de36687d783137f3324f64.exe
  C:\Users\Admin\AppData\Local\Temp\41cafb2243de36687d783137f3324f64.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\41cafb2243de36687d783137f3324f64.exe

Filesize
1KB

MD5
bae6a4a7f56fca86301e5a3411bc4bea

SHA1
bcf15e56caa0db890fb1866235705926b4645570

SHA256
5fafd55d0ec43c35f1118015a0d018b7b3cfc387eed03f7a3ebd13abc5b9ccd6

SHA512
42d0fe33502b025d605bc3ccc9a2e71afa75d12d78078010f84d5765f0898fa405f38ac95a418ca9d2054ea8ab8b85dd9d0d943edd993db90188c68ff2229ea2

Download Submit
\Users\Admin\AppData\Local\Temp\41cafb2243de36687d783137f3324f64.exe

Filesize
23KB

MD5
1b93cd96b20ef5a93a59ee4a117558bc

SHA1
8a3cecd9df01dc7644fe708f065c5404557d0d65

SHA256
e7709868bf6a9d06a73ab710ceac393d86cba3736bd3473f455bab08b86ba465

SHA512
74d6d651d236875df24b911f123dc662327a3d1b1b65f5222d08050bbf83550c035f3a97b39608f358d6bda44196bf9453f49e2b7aa2098dc3d9828afc6f61a0

Download Submit
memory/1636-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1636-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1636-14-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/1636-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1636-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2348-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2348-19-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2348-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2348-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2348-24-0x00000000033F0000-0x000000000361A000-memory.dmp

Filesize
2.2MB

Download
memory/2348-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download