90b68e10d098d712f15fd6bc80d8daf607434d3e81e6f6d7085b4559ebafab8c

Analysis

max time kernel
180s
max time network
200s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2024, 05:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42d4bec5123d8344e52b748e9baff342.exe
Size

11.7MB
MD5

42d4bec5123d8344e52b748e9baff342
SHA1

94a1e0d21d16eb2b92ec4b3a1d7b92c9489b1c33
SHA256

90b68e10d098d712f15fd6bc80d8daf607434d3e81e6f6d7085b4559ebafab8c
SHA512

57e44988c4324f571cba1cf3359c0629d84f3e1fdc40b9d3cb959540fc0b0a5e3b0dd1d96b7b1ac55f7d4055ab3e742c53f348a36052c7204fddbada054a77fa
SSDEEP

196608:f3sWugl/iBiPftLIagl/iBiPaXgbOgl/iBiPftLIagl/iBiP:vsR2iw5Ia2ifX92iw5Ia2i

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2584	42d4bec5123d8344e52b748e9baff342.exe

Executes dropped EXE 1 IoCs

pid	Process
2584	42d4bec5123d8344e52b748e9baff342.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3384-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/3384-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000200000001e7fa-13.dat	upx
behavioral2/memory/2584-15-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3384	42d4bec5123d8344e52b748e9baff342.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3384	42d4bec5123d8344e52b748e9baff342.exe
2584	42d4bec5123d8344e52b748e9baff342.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3384 wrote to memory of 2584	3384	42d4bec5123d8344e52b748e9baff342.exe	94
PID 3384 wrote to memory of 2584	3384	42d4bec5123d8344e52b748e9baff342.exe	94
PID 3384 wrote to memory of 2584	3384	42d4bec5123d8344e52b748e9baff342.exe	94

C:\Users\Admin\AppData\Local\Temp\42d4bec5123d8344e52b748e9baff342.exe
"C:\Users\Admin\AppData\Local\Temp\42d4bec5123d8344e52b748e9baff342.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3384
- C:\Users\Admin\AppData\Local\Temp\42d4bec5123d8344e52b748e9baff342.exe
  C:\Users\Admin\AppData\Local\Temp\42d4bec5123d8344e52b748e9baff342.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\42d4bec5123d8344e52b748e9baff342.exe

Filesize
11.7MB

MD5
b7635647ba945338be5a3fb9446f1c82

SHA1
9eeb02fa2ff98c780caa3d49a7118b69653b40b3

SHA256
2822a3694b92086f1103d3f7d0fec5ac3405879315e6ea3805532e60c22b1f20

SHA512
adc4d40ea7012264afb53d183f23456fee72dafe3c790e5f80af52b53ddf66012c8e5831c974899a33af9f2deb16a86d793c740e145d8b2c8ab5de8bd9057497

Download Submit
memory/2584-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2584-15-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2584-16-0x0000000001CF0000-0x0000000001E23000-memory.dmp

Filesize
1.2MB

Download
memory/2584-22-0x00000000055F0000-0x000000000581A000-memory.dmp

Filesize
2.2MB

Download
memory/2584-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2584-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3384-2-0x0000000001D80000-0x0000000001EB3000-memory.dmp

Filesize
1.2MB

Download
memory/3384-3-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3384-11-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3384-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3384-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3384-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download