a65bdea83025d85268ab92ad1a7f3934078b5c66bdd0c36ec031d569f4a932dc

Analysis

max time kernel
38s
max time network
185s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 07:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

431ea7329641e8a9e9bbdddb9071770e.exe
Size

5.8MB
MD5

431ea7329641e8a9e9bbdddb9071770e
SHA1

d86be14425fea05c2ec4563191a809d0a667ba78
SHA256

a65bdea83025d85268ab92ad1a7f3934078b5c66bdd0c36ec031d569f4a932dc
SHA512

ce415699ab27914cf750890c74aec14f314ed2575dfe1fd03bbe60c5c6552e158173f5970822b0d7e6b6d879d26d531590f9028356ef7325c40a0946aa8004f0
SSDEEP

98304:5w9MhsvF4HBUCczzM3iIioC/1vCNv4HBUCczzM3:5w9Miv+WC9ANvigWC

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2556	431ea7329641e8a9e9bbdddb9071770e.exe

Executes dropped EXE 1 IoCs

pid	Process
2556	431ea7329641e8a9e9bbdddb9071770e.exe

Loads dropped DLL 1 IoCs

pid	Process
2844	431ea7329641e8a9e9bbdddb9071770e.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2844-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/2556-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0004000000004ed7-15.dat	upx
behavioral1/files/0x0004000000004ed7-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2844	431ea7329641e8a9e9bbdddb9071770e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2844	431ea7329641e8a9e9bbdddb9071770e.exe
2556	431ea7329641e8a9e9bbdddb9071770e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2556	2844	431ea7329641e8a9e9bbdddb9071770e.exe	21
PID 2844 wrote to memory of 2556	2844	431ea7329641e8a9e9bbdddb9071770e.exe	21
PID 2844 wrote to memory of 2556	2844	431ea7329641e8a9e9bbdddb9071770e.exe	21
PID 2844 wrote to memory of 2556	2844	431ea7329641e8a9e9bbdddb9071770e.exe	21

C:\Users\Admin\AppData\Local\Temp\431ea7329641e8a9e9bbdddb9071770e.exe
"C:\Users\Admin\AppData\Local\Temp\431ea7329641e8a9e9bbdddb9071770e.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Users\Admin\AppData\Local\Temp\431ea7329641e8a9e9bbdddb9071770e.exe
  C:\Users\Admin\AppData\Local\Temp\431ea7329641e8a9e9bbdddb9071770e.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\431ea7329641e8a9e9bbdddb9071770e.exe

Filesize
52KB

MD5
091271919a49c64a57e9e1b1b27d4da5

SHA1
9ebe3f30554651947c4c03fc6d793e5b7235d0e6

SHA256
054becee42a918b2cd226cf5801a6c5e9e4dcd20dbe83933159361a4eb52897f

SHA512
293493d7b54e13a25bd45b16b80b713a6f46559e529fa56986bff4732d6d55f55c5f8b2f203347f9267fd16b1d9e54ac0947fc80035ca3053daad95721d10f7f

Download Submit
\Users\Admin\AppData\Local\Temp\431ea7329641e8a9e9bbdddb9071770e.exe

Filesize
1KB

MD5
64da8ee3355f82a9c571f108ed5db2da

SHA1
6a258207325f85663f0bc04fc40b097a4045ca2b

SHA256
51eebffd6899f1d8e40d7cca82b2d2af9e9a223f773affaffe7bd1bfad31cb14

SHA512
bdbf5ed63b24ea17fc42d36f384e5be36ca9f4b92fc3aefea8630d2b0f5c6225984f0b130059bb32727a1c1695550dd07189924d24a00ecc1b71fc92330b23b2

Download Submit
memory/2556-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2556-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2556-18-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2556-25-0x0000000003420000-0x000000000364A000-memory.dmp

Filesize
2.2MB

Download
memory/2556-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2556-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2844-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2844-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2844-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2844-13-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/2844-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download