21d834eeece11735e2a289c2903fdaa032a8d4e0810bbfe6d04ac3792cf5243c

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 04:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42c986807d74e6ca257bb32bc77c46a7.exe
Size

2.7MB
MD5

42c986807d74e6ca257bb32bc77c46a7
SHA1

ad93a9b554c8ee475a3ab728b8f0722915b28b65
SHA256

21d834eeece11735e2a289c2903fdaa032a8d4e0810bbfe6d04ac3792cf5243c
SHA512

d29ece1fbae29bbdf7904774109671ffa86e4b01d7e3e8c92d778acfda3ecf29ab3ffdf00dbc27d67905bc0d1b41c82a619b6ab67cf98dca8b1eedc18ab8d581
SSDEEP

49152:JgKbxJMN3w5cAmPvAyobWMz2DyR9cF5OonzWMnpMax+SW0IcWpAfejR9j:JgGM3w5cAEvgRRHcFoLWT+SW0xWvHj

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2980	42c986807d74e6ca257bb32bc77c46a7.exe

Executes dropped EXE 1 IoCs

pid	Process
2980	42c986807d74e6ca257bb32bc77c46a7.exe

Loads dropped DLL 1 IoCs

pid	Process
2856	42c986807d74e6ca257bb32bc77c46a7.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000a0000000133a9-13.dat	upx
behavioral1/files/0x000a0000000133a9-12.dat	upx
behavioral1/files/0x000a0000000133a9-10.dat	upx
behavioral1/memory/2856-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2856	42c986807d74e6ca257bb32bc77c46a7.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2856	42c986807d74e6ca257bb32bc77c46a7.exe
2980	42c986807d74e6ca257bb32bc77c46a7.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2980	2856	42c986807d74e6ca257bb32bc77c46a7.exe	17
PID 2856 wrote to memory of 2980	2856	42c986807d74e6ca257bb32bc77c46a7.exe	17
PID 2856 wrote to memory of 2980	2856	42c986807d74e6ca257bb32bc77c46a7.exe	17
PID 2856 wrote to memory of 2980	2856	42c986807d74e6ca257bb32bc77c46a7.exe	17

C:\Users\Admin\AppData\Local\Temp\42c986807d74e6ca257bb32bc77c46a7.exe
"C:\Users\Admin\AppData\Local\Temp\42c986807d74e6ca257bb32bc77c46a7.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Users\Admin\AppData\Local\Temp\42c986807d74e6ca257bb32bc77c46a7.exe
  C:\Users\Admin\AppData\Local\Temp\42c986807d74e6ca257bb32bc77c46a7.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\42c986807d74e6ca257bb32bc77c46a7.exe

Filesize
57KB

MD5
b9e88fa1ce434c2f777096e2fe496da5

SHA1
eeb85c5bb758d8a0cfb9505dac28fc143516b81d

SHA256
c45536db337d4a08336313a2aa365564e7a24aa4ff52a5df2a70b9082de9dc57

SHA512
6f80ab8739c24548d98195888d5a1dd7b74a922fff28ffe3e8a3533d8d651fbf1e3dcc340a0671868d9040fc6651ab5b1de69856e0f619b44d07b76b704fd1e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\42c986807d74e6ca257bb32bc77c46a7.exe

Filesize
79KB

MD5
79c32a41d13bbe919c77809abf4a793d

SHA1
5e1a086efdb2acf6ec6a9578e041c4e85868206a

SHA256
9afc4d8abe63a53c9f459c55079d90ae329197a91a5ddfc83341868fe8e3f9b6

SHA512
0f3869528324f352459fbfd51652d538651226f0978235d0764753e8030a4103be93efcb3bea1ee8b887b30380f92aaa3185b64787a23e3a5fd810f080ec0912

Download Submit
\Users\Admin\AppData\Local\Temp\42c986807d74e6ca257bb32bc77c46a7.exe

Filesize
29KB

MD5
c9620223f2c938e4a528eb28b6d236b8

SHA1
4a9015a0a84b0a103d172f3c495ca1d7d4909e3d

SHA256
d0cadde908d39aaf1f00ab047174ba818c417c72fa9bf1f82e47d6151cfc468f

SHA512
f02cd40f0ac66e3b1e2c6e64f9e263fef07d2534129cdd6ceef1ea2d080bbac8cb3836785d96215a32e06bb9a7fb73a416c418769d639f4f7bed1ef7d890d517

Download Submit
memory/2856-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2856-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2856-2-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2856-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2980-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2980-15-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2980-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2980-24-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2980-22-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2980-29-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download