d0c28031f8d4bda00e5cba00095c2ce8f766a6082b835cebe36cd75a27618f20

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 05:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

42d8565e77fba8a93ef9ab679f6efe6e.exe
Size

5.8MB
MD5

42d8565e77fba8a93ef9ab679f6efe6e
SHA1

8e110cf764eecb8315201c455891cfc6f7554357
SHA256

d0c28031f8d4bda00e5cba00095c2ce8f766a6082b835cebe36cd75a27618f20
SHA512

acf016cfc58124a1fa7ea360d6d771a00702db340a5532dd5aeddddb2f2f05a59d6846b02dcbb7facb359a607835c511ddfb7dfcd793b2ffac3fcb74aa6804e7
SSDEEP

98304:cLNyyaSDthBgg3gnl/IVUs1jePsqthvHrFHa7a1gg3gnl/IVUs1jePs:cu+thXgl/iBiPftLIagl/iBiP

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2780	42d8565e77fba8a93ef9ab679f6efe6e.exe

Executes dropped EXE 1 IoCs

pid	Process
2780	42d8565e77fba8a93ef9ab679f6efe6e.exe

Loads dropped DLL 1 IoCs

pid	Process
2312	42d8565e77fba8a93ef9ab679f6efe6e.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2312-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012185-10.dat	upx
behavioral1/memory/2312-15-0x0000000003DD0000-0x00000000042BF000-memory.dmp	upx
behavioral1/files/0x000b000000012185-13.dat	upx
behavioral1/memory/2780-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2312	42d8565e77fba8a93ef9ab679f6efe6e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2312	42d8565e77fba8a93ef9ab679f6efe6e.exe
2780	42d8565e77fba8a93ef9ab679f6efe6e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 2780	2312	42d8565e77fba8a93ef9ab679f6efe6e.exe	28
PID 2312 wrote to memory of 2780	2312	42d8565e77fba8a93ef9ab679f6efe6e.exe	28
PID 2312 wrote to memory of 2780	2312	42d8565e77fba8a93ef9ab679f6efe6e.exe	28
PID 2312 wrote to memory of 2780	2312	42d8565e77fba8a93ef9ab679f6efe6e.exe	28

C:\Users\Admin\AppData\Local\Temp\42d8565e77fba8a93ef9ab679f6efe6e.exe
"C:\Users\Admin\AppData\Local\Temp\42d8565e77fba8a93ef9ab679f6efe6e.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Users\Admin\AppData\Local\Temp\42d8565e77fba8a93ef9ab679f6efe6e.exe
  C:\Users\Admin\AppData\Local\Temp\42d8565e77fba8a93ef9ab679f6efe6e.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\42d8565e77fba8a93ef9ab679f6efe6e.exe

Filesize
3.0MB

MD5
f6d6394afda5437ba7f530173f5f480c

SHA1
bbe8b00ea4117ae7219e92607284a7922bf3f0c0

SHA256
a774ccb034fb19229c8e4d3db983ef9b1657f9b9f6b0cfa866307e98df7a065b

SHA512
444a5c86b12d031f6b2916533f033902a24b2e6eb41d272b39a62536c96342a361eca4d96af60393ce0e9d879094438ddaefb47e2cf5a762a3899d439809676d

Download Submit
\Users\Admin\AppData\Local\Temp\42d8565e77fba8a93ef9ab679f6efe6e.exe

Filesize
2.1MB

MD5
8a10d77a04d5c7b995de034a53759d82

SHA1
640cc37ce702d13285e5ab56b44a5dc752674331

SHA256
dd5a877e9ce9e880ff0d26bbb337ac6acd5d3295a1d5ce9b1f6dc914a86dc69e

SHA512
73f0f77b5786749da2b803e3371c6dffbf8fbb776a57efbdea3ce83111c7e010487cd2b6a981bb8daf5b00ffc94ea3223cf84e379f6960d9b624ac2c8ecc4d76

Download Submit
memory/2312-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2312-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2312-15-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/2312-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2312-1-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2312-31-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/2780-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2780-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2780-18-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2780-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2780-24-0x00000000033F0000-0x000000000361A000-memory.dmp

Filesize
2.2MB

Download
memory/2780-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download