12b00a12cf836fd005fceff3d025980d3bf03c924d5531f645128d6d26177697

Analysis

max time kernel
118s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06-01-2024 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

455f9887d7bde0118aeaed8c41034026.exe
Size

1.3MB
MD5

455f9887d7bde0118aeaed8c41034026
SHA1

1d78c913e0446441608a52c4a98cba38a8772b7a
SHA256

12b00a12cf836fd005fceff3d025980d3bf03c924d5531f645128d6d26177697
SHA512

96fe3bdff9d997606854a4cd889c52767e144fff2b54e8f86414c36f14f82cf68fd12c4a2ac03c113992ba08861eab964b282cd0d051bf1543f2b836b259d6cd
SSDEEP

24576:6WYJyhfg5gXpLBTnRcbF7K31rX81FVDI/wzFeCmhzAwgNz028AdV4vG:6PJyhf1ZNnmG3R81buSTg++RC

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2756	455f9887d7bde0118aeaed8c41034026.exe

Executes dropped EXE 1 IoCs

pid	Process
2756	455f9887d7bde0118aeaed8c41034026.exe

Loads dropped DLL 1 IoCs

pid	Process
776	455f9887d7bde0118aeaed8c41034026.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/776-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000a000000012233-11.dat	upx
behavioral1/files/0x000a000000012233-14.dat	upx
behavioral1/memory/2756-15-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
776	455f9887d7bde0118aeaed8c41034026.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
776	455f9887d7bde0118aeaed8c41034026.exe
2756	455f9887d7bde0118aeaed8c41034026.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 776 wrote to memory of 2756	776	455f9887d7bde0118aeaed8c41034026.exe	28
PID 776 wrote to memory of 2756	776	455f9887d7bde0118aeaed8c41034026.exe	28
PID 776 wrote to memory of 2756	776	455f9887d7bde0118aeaed8c41034026.exe	28
PID 776 wrote to memory of 2756	776	455f9887d7bde0118aeaed8c41034026.exe	28

C:\Users\Admin\AppData\Local\Temp\455f9887d7bde0118aeaed8c41034026.exe
"C:\Users\Admin\AppData\Local\Temp\455f9887d7bde0118aeaed8c41034026.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:776
- C:\Users\Admin\AppData\Local\Temp\455f9887d7bde0118aeaed8c41034026.exe
  C:\Users\Admin\AppData\Local\Temp\455f9887d7bde0118aeaed8c41034026.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\455f9887d7bde0118aeaed8c41034026.exe

Filesize
768KB

MD5
6328fd5887d308ad1a1a89f559d77dd2

SHA1
6e500f49757de4ba49981e954a81fb1d4aa570f9

SHA256
e094f5806511655dae2477b99eef0d7d679be72cf0269502d4f53f5a658c28e7

SHA512
2b60d36e747651f989c0cd899e712b96524b2250c13a29ee60061161d6a77ae8710273f38c58d9372bf78762453fd50fff5ae51defe7bf1221eadb24f97d00e2

Download Submit
\Users\Admin\AppData\Local\Temp\455f9887d7bde0118aeaed8c41034026.exe

Filesize
960KB

MD5
06278e3aae0b6ccfbd700615f3f90fea

SHA1
2eac3cb845af3f49928197b4840b59f5b6d7421d

SHA256
09fce2fa92849757409403aaac6c25ae27df68cb5a61fecab8248fef1e962ecc

SHA512
a5d83bc8905229ec40acd585d5c047ca5fdc665798fe18b440254ab859fa8f4ce421f6256e492222a77cd4328552bf5516052d905771a8b2d730b86080f7ad70

Download Submit
memory/776-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/776-2-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/776-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/776-24-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2756-16-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2756-15-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2756-17-0x0000000000230000-0x0000000000342000-memory.dmp

Filesize
1.1MB

Download
memory/2756-25-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download