c31dcd728d6b8803c61d7bd0833943461cdf3708352e4fbc632d5b82e89259b7

Analysis

max time kernel
121s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05-01-2024 06:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42fae771030963bfade57fc048d80be0.exe
Size

5.3MB
MD5

42fae771030963bfade57fc048d80be0
SHA1

a2ce532edc11f99034ce541a7f9ae64568e5345b
SHA256

c31dcd728d6b8803c61d7bd0833943461cdf3708352e4fbc632d5b82e89259b7
SHA512

cebbb5783c06052f68eacf529e72422c045b35c2b5c1ae7ff423cb1a7a52c5f3aab6df91b313acec4a6e4965e6ac768c806ecb5b48a3a22194733d49f053e19c
SSDEEP

98304:j1AvB7aVyBgm51JfbDl/0TdcY5oysoB+bmPtJfbDl/:j07aVO5vf5xYqq9Hf5

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1388	42fae771030963bfade57fc048d80be0.exe

Executes dropped EXE 1 IoCs

pid	Process
1388	42fae771030963bfade57fc048d80be0.exe

Loads dropped DLL 1 IoCs

pid	Process
2268	42fae771030963bfade57fc048d80be0.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2268-1-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000a000000012247-11.dat	upx
behavioral1/memory/2268-16-0x0000000003ED0000-0x000000000433A000-memory.dmp	upx
behavioral1/memory/1388-18-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000a000000012247-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2268	42fae771030963bfade57fc048d80be0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2268	42fae771030963bfade57fc048d80be0.exe
1388	42fae771030963bfade57fc048d80be0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 1388	2268	42fae771030963bfade57fc048d80be0.exe	28
PID 2268 wrote to memory of 1388	2268	42fae771030963bfade57fc048d80be0.exe	28
PID 2268 wrote to memory of 1388	2268	42fae771030963bfade57fc048d80be0.exe	28
PID 2268 wrote to memory of 1388	2268	42fae771030963bfade57fc048d80be0.exe	28

C:\Users\Admin\AppData\Local\Temp\42fae771030963bfade57fc048d80be0.exe
"C:\Users\Admin\AppData\Local\Temp\42fae771030963bfade57fc048d80be0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Users\Admin\AppData\Local\Temp\42fae771030963bfade57fc048d80be0.exe
  C:\Users\Admin\AppData\Local\Temp\42fae771030963bfade57fc048d80be0.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\42fae771030963bfade57fc048d80be0.exe

Filesize
71KB

MD5
512066f64ea656c58f262d242454be1e

SHA1
3e3d4b768a193384151e4204b290dfe722eb4639

SHA256
c093d54d41b5eecc288fa91e48b8b77ddd75b34a2d8587a9e461f31ffd746619

SHA512
5975ecb156e7e8c6e0646b3c007c73446d86d978d3c419a29c693cc49ae5aacd618474f84f55968892413008adc850daf09bf584630a0e72685e81c2389793c4

Download Submit
\Users\Admin\AppData\Local\Temp\42fae771030963bfade57fc048d80be0.exe

Filesize
82KB

MD5
1de800f263220eabacddba257251d440

SHA1
4ed6894251c5aed52c33e05e500517ddbe8beca7

SHA256
951acd2cf065a057a38797724b4a010416d9e31191b7fb76f8d9bc98abafccad

SHA512
0db34bdaa8dc3c2c160e9e2a0c3a4790b00c6c682cd09b8d3d075756e8f3948e7f7d6d775d81d9d3b76d85747553b6f4abefa773814c6cbbdc3f54a281e55beb

Download Submit
memory/1388-18-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1388-20-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/1388-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1388-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2268-0-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2268-1-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2268-3-0x00000000002B0000-0x00000000003C2000-memory.dmp

Filesize
1.1MB

Download
memory/2268-16-0x0000000003ED0000-0x000000000433A000-memory.dmp

Filesize
4.4MB

Download
memory/2268-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2268-26-0x0000000003ED0000-0x000000000433A000-memory.dmp

Filesize
4.4MB

Download