6546b76c6ee3cacef13394a2feb8f5c593f89ccfdc2d94476b67f447d98aa7a8

Analysis

max time kernel
119s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05-01-2024 12:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43b406b2e0af188cb6c1d4b09b36cf57.exe
Size

2.9MB
MD5

43b406b2e0af188cb6c1d4b09b36cf57
SHA1

60462c598c9c1b613aaf12d67a22556b9f695cd5
SHA256

6546b76c6ee3cacef13394a2feb8f5c593f89ccfdc2d94476b67f447d98aa7a8
SHA512

ab5b52aba8a75bdcdd16d3ec970081def50552419719a90485da2a436182ea09f91ffc9bfc0b00905ed00601e0cd031f7624d2bb37c7a42885e6f027130104bd
SSDEEP

49152:FGjScpZURfiZdcxLb7vXIiJ0LiwTfvN74NH5HUyNRcUsCVOzetdZJ:FG+xjxrvIqwiKX4HBUCczzM3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2664	43b406b2e0af188cb6c1d4b09b36cf57.exe

Executes dropped EXE 1 IoCs

pid	Process
2664	43b406b2e0af188cb6c1d4b09b36cf57.exe

Loads dropped DLL 1 IoCs

pid	Process
2448	43b406b2e0af188cb6c1d4b09b36cf57.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2448-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c000000012247-10.dat	upx
behavioral1/memory/2664-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c000000012247-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2448	43b406b2e0af188cb6c1d4b09b36cf57.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2448	43b406b2e0af188cb6c1d4b09b36cf57.exe
2664	43b406b2e0af188cb6c1d4b09b36cf57.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 2664	2448	43b406b2e0af188cb6c1d4b09b36cf57.exe	28
PID 2448 wrote to memory of 2664	2448	43b406b2e0af188cb6c1d4b09b36cf57.exe	28
PID 2448 wrote to memory of 2664	2448	43b406b2e0af188cb6c1d4b09b36cf57.exe	28
PID 2448 wrote to memory of 2664	2448	43b406b2e0af188cb6c1d4b09b36cf57.exe	28

C:\Users\Admin\AppData\Local\Temp\43b406b2e0af188cb6c1d4b09b36cf57.exe
"C:\Users\Admin\AppData\Local\Temp\43b406b2e0af188cb6c1d4b09b36cf57.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Users\Admin\AppData\Local\Temp\43b406b2e0af188cb6c1d4b09b36cf57.exe
  C:\Users\Admin\AppData\Local\Temp\43b406b2e0af188cb6c1d4b09b36cf57.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\43b406b2e0af188cb6c1d4b09b36cf57.exe

Filesize
2.9MB

MD5
f607906492361b884790918ee82691d5

SHA1
cb191c9b9ac3b569d650ebd65dd9505c4d8adf49

SHA256
85cb5bac3a018d0af16d11e2cc8d9ed5bc0082b256839afe2fda97b7d005c0ca

SHA512
d3d06a220cbb107f60904fc3fb52d893df0d6b2a7b0a5bd556d55b31a668a5b59e70b18c4c01217617a2d4d9e8370768a244ce398497c64bee6b4123d5fb3a66

Download Submit
\Users\Admin\AppData\Local\Temp\43b406b2e0af188cb6c1d4b09b36cf57.exe

Filesize
2.6MB

MD5
f64108d3ee5ad1a8890ee647dbd81fb3

SHA1
09c828401b80be0773481f0327b391afe3c45977

SHA256
352024a0dfe83de33acea324a32228fed483a5bf6c543dece56dc4109f7632ea

SHA512
12d986ee49a29f373e16b82df2789bed433e878df26dd955e2e2084e24dc6fc86ed088fc812046218b0eb9d0bd4f7adf4552c0ddf0feb5102654e1be4d1fca0c

Download Submit
memory/2448-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2448-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2448-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2448-29-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2664-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2664-15-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2664-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2664-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2664-23-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2664-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download