504b5858244a4b9a6f98f54608686be8e23547682f37df5a88b84e42ea5faa1a

Analysis

max time kernel
118s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 09:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43614121d1a5593b477c5fc5c7f18f3c.exe
Size

2.7MB
MD5

43614121d1a5593b477c5fc5c7f18f3c
SHA1

58d2d6e3da53d5b7724acffbf421a1e1d3605bba
SHA256

504b5858244a4b9a6f98f54608686be8e23547682f37df5a88b84e42ea5faa1a
SHA512

0d204e95d5a5476ee7d1024f0428421088b777c5d558a2588e8ef00725c21e576b2e72dd35594473b5d188d56bdc97e520732208ad4f99638a9ea48a96d58052
SSDEEP

49152:/YOcDBQ7/3f/owhcoqvn+2L02q/ZN9R9WKLNUOJG3w0LG8Mkmf4FwZAxkdxoeR9j:Vv7/Howh4f+2WN9H7pUOJG3NXi1sqFHj

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2272	43614121d1a5593b477c5fc5c7f18f3c.exe

Executes dropped EXE 1 IoCs

pid	Process
2272	43614121d1a5593b477c5fc5c7f18f3c.exe

Loads dropped DLL 1 IoCs

pid	Process
2472	43614121d1a5593b477c5fc5c7f18f3c.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2472-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x0008000000012256-10.dat	upx
behavioral1/files/0x0008000000012256-13.dat	upx
behavioral1/memory/2272-17-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2472	43614121d1a5593b477c5fc5c7f18f3c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2472	43614121d1a5593b477c5fc5c7f18f3c.exe
2272	43614121d1a5593b477c5fc5c7f18f3c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 2272	2472	43614121d1a5593b477c5fc5c7f18f3c.exe	24
PID 2472 wrote to memory of 2272	2472	43614121d1a5593b477c5fc5c7f18f3c.exe	24
PID 2472 wrote to memory of 2272	2472	43614121d1a5593b477c5fc5c7f18f3c.exe	24
PID 2472 wrote to memory of 2272	2472	43614121d1a5593b477c5fc5c7f18f3c.exe	24

C:\Users\Admin\AppData\Local\Temp\43614121d1a5593b477c5fc5c7f18f3c.exe
"C:\Users\Admin\AppData\Local\Temp\43614121d1a5593b477c5fc5c7f18f3c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2472
- C:\Users\Admin\AppData\Local\Temp\43614121d1a5593b477c5fc5c7f18f3c.exe
  C:\Users\Admin\AppData\Local\Temp\43614121d1a5593b477c5fc5c7f18f3c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\43614121d1a5593b477c5fc5c7f18f3c.exe

Filesize
105KB

MD5
403ca7ba69d2ee2ee8c0d2698b2a7a32

SHA1
073972240b3dd799970edd9f4fe892ee9969873a

SHA256
ba2e4426bb72f4e4d358995f0d32d90f556d1abf802376affc72328611fa7be6

SHA512
2b711227a293706adbfce51cc89f906dda3bab2104f2f9e41129e32737a6de54ccae8c9db8bed26fe9f3e91442ae07b28ac610a196c33db35a288c06ad79bfb4

Download Submit
\Users\Admin\AppData\Local\Temp\43614121d1a5593b477c5fc5c7f18f3c.exe

Filesize
188KB

MD5
ca4a9c77a58384273fc5da92ade9ad09

SHA1
de45539bee2a49906aa7f9ebf0a3b4104770f8ab

SHA256
f347c79af160daad96bfa74064b808d93c28d57d52b7a4c493200094c2385771

SHA512
dfe684883317d659daac34665b6bdd37bd59f142fb1748db749fd6b3d9dd929ae45098935138b0b3aef93d1599210e683299b9bbaf5dbc55971da945c5f1290b

Download Submit
memory/2272-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2272-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2272-19-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2272-24-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2272-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2272-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2472-2-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/2472-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2472-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2472-15-0x0000000003750000-0x0000000003C37000-memory.dmp

Filesize
4.9MB

Download
memory/2472-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2472-31-0x0000000003750000-0x0000000003C37000-memory.dmp

Filesize
4.9MB

Download