cab81b92b10159c61673842d780a4e6bdfb0e1272bf851b61ee25c249744bf25

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 07:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4323fa4d2c88efdd640cbfba3f3ad758.exe
Size

1.3MB
MD5

4323fa4d2c88efdd640cbfba3f3ad758
SHA1

c989d1e9d136ca6a50d3e779016800567f31e063
SHA256

cab81b92b10159c61673842d780a4e6bdfb0e1272bf851b61ee25c249744bf25
SHA512

e57e8298cee8b2487bdd7d83ed7865f69d4f77da3c39d4019817cca3bef92fa61fc95d542694c733fd522a469ed9f0b406dc321faea1159bf5f7674aca1f899c
SSDEEP

24576:lBI6r1/099WPBISyiPnY+sdXpkmn5/Yxlu1lH5uqjTyikBzmWO:pZ0LNgPap3pYxlufQ6ubBzmf

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2996	4323fa4d2c88efdd640cbfba3f3ad758.exe

Executes dropped EXE 1 IoCs

pid	Process
2996	4323fa4d2c88efdd640cbfba3f3ad758.exe

Loads dropped DLL 1 IoCs

pid	Process
2392	4323fa4d2c88efdd640cbfba3f3ad758.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2392-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/2392-14-0x00000000035B0000-0x0000000003A9F000-memory.dmp	upx
behavioral1/files/0x000a000000013a71-15.dat	upx
behavioral1/files/0x000a000000013a71-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2392	4323fa4d2c88efdd640cbfba3f3ad758.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2392	4323fa4d2c88efdd640cbfba3f3ad758.exe
2996	4323fa4d2c88efdd640cbfba3f3ad758.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 2996	2392	4323fa4d2c88efdd640cbfba3f3ad758.exe	15
PID 2392 wrote to memory of 2996	2392	4323fa4d2c88efdd640cbfba3f3ad758.exe	15
PID 2392 wrote to memory of 2996	2392	4323fa4d2c88efdd640cbfba3f3ad758.exe	15
PID 2392 wrote to memory of 2996	2392	4323fa4d2c88efdd640cbfba3f3ad758.exe	15

C:\Users\Admin\AppData\Local\Temp\4323fa4d2c88efdd640cbfba3f3ad758.exe
"C:\Users\Admin\AppData\Local\Temp\4323fa4d2c88efdd640cbfba3f3ad758.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Users\Admin\AppData\Local\Temp\4323fa4d2c88efdd640cbfba3f3ad758.exe
  C:\Users\Admin\AppData\Local\Temp\4323fa4d2c88efdd640cbfba3f3ad758.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4323fa4d2c88efdd640cbfba3f3ad758.exe

Filesize
94KB

MD5
aa6cdaca194787bd450105a24135d36c

SHA1
59f369965f9e9af25d62d8ac6b2f19b62f19245b

SHA256
a00c4aac64faf7d15c878bb95882e09201187be1e1875575dbd584f6c9916f7d

SHA512
13dd33a7c8b525a78f8f8294be6297d86f8ac80117389d883786f4c94bd635fc87b297c97dfb2c39f9b095f413eb099a622bee4a7fb38026f1a675bb008c6d7d

Download Submit
\Users\Admin\AppData\Local\Temp\4323fa4d2c88efdd640cbfba3f3ad758.exe

Filesize
131KB

MD5
5a338e270b92f5167d825c8e56df7be9

SHA1
6e8e984a24ef78c4686e562e0df1e8a2a98e9165

SHA256
9fd772e676f0ca719565e8900c3a0737a4f78e495630a48614d464f3429b0282

SHA512
ba2f83849184aaa8dfabc5aec57604ff3edd1c6b28f6f5762d21be2e948ccd03e51e4e797903927f0e4e4190dca24a6d3fd039007a68d06fd0dce99d5369e04f

Download Submit
memory/2392-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2392-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2392-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2392-14-0x00000000035B0000-0x0000000003A9F000-memory.dmp

Filesize
4.9MB

Download
memory/2392-31-0x00000000035B0000-0x0000000003A9F000-memory.dmp

Filesize
4.9MB

Download
memory/2392-2-0x0000000000260000-0x0000000000393000-memory.dmp

Filesize
1.2MB

Download
memory/2996-24-0x00000000033F0000-0x000000000361A000-memory.dmp

Filesize
2.2MB

Download
memory/2996-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2996-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2996-20-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2996-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2996-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download