3f8cea70c14eced7a32438e37f40dd0fc4b397125429736fc7028f2ee513b59d

Analysis

max time kernel
118s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43b871b5d62dd258c2e6f80e33e8f2dc.exe
Size

1.3MB
MD5

43b871b5d62dd258c2e6f80e33e8f2dc
SHA1

a52821481107fcdd1d261e1a01f841cd667ebd7f
SHA256

3f8cea70c14eced7a32438e37f40dd0fc4b397125429736fc7028f2ee513b59d
SHA512

27fa21a850b05f7a2481fafbaf4babdc3bed6bbd9f1d90d0a1c4612c717552d2abf768bf3284420bccf85ddb4174b0ea4d1cd58a4b7f4b2a1f6868e93e264f3b
SSDEEP

24576:x/4Dn0rjD+IwPu6p6ZPJuXYsAPi6YRTiEx0sGZoS6SiQQaNfkbvG:lan0/CHp6mX5APHWiEpGaS6SzQaNf

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2308	43b871b5d62dd258c2e6f80e33e8f2dc.exe

Executes dropped EXE 1 IoCs

pid	Process
2308	43b871b5d62dd258c2e6f80e33e8f2dc.exe

Loads dropped DLL 1 IoCs

pid	Process
2504	43b871b5d62dd258c2e6f80e33e8f2dc.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2504-1-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x0008000000012267-11.dat	upx
behavioral1/files/0x0008000000012267-13.dat	upx
behavioral1/memory/2504-16-0x0000000003460000-0x00000000038CA000-memory.dmp	upx
behavioral1/files/0x0008000000012267-14.dat	upx
behavioral1/memory/2308-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2504	43b871b5d62dd258c2e6f80e33e8f2dc.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2504	43b871b5d62dd258c2e6f80e33e8f2dc.exe
2308	43b871b5d62dd258c2e6f80e33e8f2dc.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 2308	2504	43b871b5d62dd258c2e6f80e33e8f2dc.exe	28
PID 2504 wrote to memory of 2308	2504	43b871b5d62dd258c2e6f80e33e8f2dc.exe	28
PID 2504 wrote to memory of 2308	2504	43b871b5d62dd258c2e6f80e33e8f2dc.exe	28
PID 2504 wrote to memory of 2308	2504	43b871b5d62dd258c2e6f80e33e8f2dc.exe	28

C:\Users\Admin\AppData\Local\Temp\43b871b5d62dd258c2e6f80e33e8f2dc.exe
"C:\Users\Admin\AppData\Local\Temp\43b871b5d62dd258c2e6f80e33e8f2dc.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Users\Admin\AppData\Local\Temp\43b871b5d62dd258c2e6f80e33e8f2dc.exe
  C:\Users\Admin\AppData\Local\Temp\43b871b5d62dd258c2e6f80e33e8f2dc.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\43b871b5d62dd258c2e6f80e33e8f2dc.exe

Filesize
227KB

MD5
025c7e754fbddaa4161e5e232cdf541e

SHA1
f6411f9b2d17b383ad783e22402ef6e268a364dc

SHA256
dc259522bb62991226b485cc123f3aefd3242548993dc13959e22edb8f0049cc

SHA512
6fa0887acd373f65d70e0c1b930b6260b6172483f1f631e378edb9ed75e298fa5acceea8b0eaf3c2ed338a8dcb9cc217af65ca29dbdfc2c0e762ee3bdd0bdeab

Download Submit
C:\Users\Admin\AppData\Local\Temp\43b871b5d62dd258c2e6f80e33e8f2dc.exe

Filesize
273KB

MD5
83044017563626ee91ac92ae1f0268b9

SHA1
d915f3e3727411cd254c1df4caacfdb1dcc4b6b5

SHA256
4fc6eb8acac1e861d0d1048bfade7acbe18ac76f905b6f60ca0e039020e45c12

SHA512
0b97ac3e26b02415a095613712c568191dac017340241e9dec11dcac9279dc6ea96c729ac29ee0ad439cd30532da07d7eda91de17c9a0957c429aa4178970a50

Download Submit
\Users\Admin\AppData\Local\Temp\43b871b5d62dd258c2e6f80e33e8f2dc.exe

Filesize
386KB

MD5
e85eb9a33ee2f76461375640b222be69

SHA1
8043773c2ce696ca40a10025d231173650319e33

SHA256
a7ea94f00cdbfe9fb150096e9d66a1ec4995da2d71418ca7c8ac701e0e51f67a

SHA512
86a323f612afb388e03b38e752cd2be502c2343cb8271214e07146183a567ad5da4f91fe4fe3eab012e2901cd44e53905a03f347d1a53c0fbb0d73290f090004

Download Submit
memory/2308-19-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2308-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2308-18-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2308-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2504-3-0x00000000002D0000-0x00000000003E2000-memory.dmp

Filesize
1.1MB

Download
memory/2504-16-0x0000000003460000-0x00000000038CA000-memory.dmp

Filesize
4.4MB

Download
memory/2504-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2504-1-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2504-0-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2504-26-0x0000000003460000-0x00000000038CA000-memory.dmp

Filesize
4.4MB

Download