fef5584f38bdf9ac06ff8db27c93fc743597a775eda20c81e736153adaa53ff1

Analysis

max time kernel
121s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 19:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

444775d558666f21df34137551ea0ee0.exe
Size

2.9MB
MD5

444775d558666f21df34137551ea0ee0
SHA1

96422e43f1df1fc182e40b24a4fd895b1f0fcd8d
SHA256

fef5584f38bdf9ac06ff8db27c93fc743597a775eda20c81e736153adaa53ff1
SHA512

b9c09886a7b7808b0c5c503308c359d50b4a09a7b7bfc6852b506240f440d76f3610be19784d16531f2f4de5cc91e5b764aad1ea238928cfdf7aa45fe389c92b
SSDEEP

49152:KztTDL9BSrkKgHyzk5IESmOCYXk+a+wgBf2sSQU92jNjZnbz:KlnSr5g7IENOCGk+a+wghtSUJZz

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2696	444775d558666f21df34137551ea0ee0.exe

Executes dropped EXE 1 IoCs

pid	Process
2696	444775d558666f21df34137551ea0ee0.exe

Loads dropped DLL 1 IoCs

pid	Process
2292	444775d558666f21df34137551ea0ee0.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2292-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000012243-10.dat	upx
behavioral1/files/0x000a000000012243-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2292	444775d558666f21df34137551ea0ee0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2292	444775d558666f21df34137551ea0ee0.exe
2696	444775d558666f21df34137551ea0ee0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 2696	2292	444775d558666f21df34137551ea0ee0.exe	28
PID 2292 wrote to memory of 2696	2292	444775d558666f21df34137551ea0ee0.exe	28
PID 2292 wrote to memory of 2696	2292	444775d558666f21df34137551ea0ee0.exe	28
PID 2292 wrote to memory of 2696	2292	444775d558666f21df34137551ea0ee0.exe	28

C:\Users\Admin\AppData\Local\Temp\444775d558666f21df34137551ea0ee0.exe
"C:\Users\Admin\AppData\Local\Temp\444775d558666f21df34137551ea0ee0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Users\Admin\AppData\Local\Temp\444775d558666f21df34137551ea0ee0.exe
  C:\Users\Admin\AppData\Local\Temp\444775d558666f21df34137551ea0ee0.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\444775d558666f21df34137551ea0ee0.exe

Filesize
115KB

MD5
23fdf53bc63cf8f4588665bf2ed80321

SHA1
9e9d39f0e22ab0f2be3428b0839fc949368ed6bf

SHA256
11bf0948b9a8e27123e8dabf9f399f5fc07b64a5def2c055c871387bbcaee734

SHA512
defd490931be767dba240b463d3ca789b6544751a25b9205e969e24ed662ae3bed704516a87a72474ef3da2ac19d1f3ea32328207b6b60597f415afce20e5b7f

Download Submit
\Users\Admin\AppData\Local\Temp\444775d558666f21df34137551ea0ee0.exe

Filesize
45KB

MD5
a74e4a655b23e3e9b83e3637ce3ee0fb

SHA1
ed1f7ce55cd4eeb7e168d216b273f9741228f7a1

SHA256
ec218a35a4d901a475748cb6a63a1c3ed1b20fe223f5c2bc13e1025a2ca777b9

SHA512
f4523de6047db56b00eb0bc8fb63e6d9cbde188097003d4b0ac8f60a9705de2d2dca047736730fec9de02b71d5b0ed06a1a7444d0f22ef7a258cb4a13cdc61e1

Download Submit
memory/2292-17-0x0000000003810000-0x0000000003CFF000-memory.dmp

Filesize
4.9MB

Download
memory/2292-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2292-2-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2292-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2292-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2696-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2696-21-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2696-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2696-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2696-26-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2696-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download