6c0d72a8287f2d2bdc363fd7f9a44f099e24db036b85d5d04be759ba259cbdea

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 09:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

45dc6b12cb58eb0f4796b05ede2abf37.exe
Size

5.3MB
MD5

45dc6b12cb58eb0f4796b05ede2abf37
SHA1

b4337e9604e8de6282bbb616a2bbd3356e614344
SHA256

6c0d72a8287f2d2bdc363fd7f9a44f099e24db036b85d5d04be759ba259cbdea
SHA512

79b4ab98b08e4fc2cbb093eb9b7156a94231aff703d0a6d38bfa39c3b59cca6457057749f0e0445093a833702beb1841f07f222789326817018269b786baa3d2
SSDEEP

98304:2kofE9EFCAMvJmWf+46hgfIK2koK/n020SjVJmWf+46hgf:LNEAmQ+XhtRkossSj/mQ+XhU

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3024	45dc6b12cb58eb0f4796b05ede2abf37.exe

Executes dropped EXE 1 IoCs

pid	Process
3024	45dc6b12cb58eb0f4796b05ede2abf37.exe

Loads dropped DLL 1 IoCs

pid	Process
2800	45dc6b12cb58eb0f4796b05ede2abf37.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2800-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c000000012251-10.dat	upx
behavioral1/files/0x000c000000012251-13.dat	upx
behavioral1/memory/3024-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2800	45dc6b12cb58eb0f4796b05ede2abf37.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2800	45dc6b12cb58eb0f4796b05ede2abf37.exe
3024	45dc6b12cb58eb0f4796b05ede2abf37.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 3024	2800	45dc6b12cb58eb0f4796b05ede2abf37.exe	15
PID 2800 wrote to memory of 3024	2800	45dc6b12cb58eb0f4796b05ede2abf37.exe	15
PID 2800 wrote to memory of 3024	2800	45dc6b12cb58eb0f4796b05ede2abf37.exe	15
PID 2800 wrote to memory of 3024	2800	45dc6b12cb58eb0f4796b05ede2abf37.exe	15

C:\Users\Admin\AppData\Local\Temp\45dc6b12cb58eb0f4796b05ede2abf37.exe
"C:\Users\Admin\AppData\Local\Temp\45dc6b12cb58eb0f4796b05ede2abf37.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Users\Admin\AppData\Local\Temp\45dc6b12cb58eb0f4796b05ede2abf37.exe
  C:\Users\Admin\AppData\Local\Temp\45dc6b12cb58eb0f4796b05ede2abf37.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\45dc6b12cb58eb0f4796b05ede2abf37.exe

Filesize
384KB

MD5
ff2f42702004cdc6445b7633a05143fb

SHA1
6b3d0c7a943206d0d4d1ca757579dcf5a043d98d

SHA256
0c48dd281a8a004b6796ab4cd1731683506b23a98f6bb17cef63e0f9d04df933

SHA512
a0230755dbc087a4eb5bd4d8fae53456d3a3dfb81e89fdcbbc99192d303e1ff207babb222b6ae042db056b12163478b242f44acdd80684ae5e488916b0af3c59

Download Submit
\Users\Admin\AppData\Local\Temp\45dc6b12cb58eb0f4796b05ede2abf37.exe

Filesize
94KB

MD5
2e927101030528d38cf18c7c52b65335

SHA1
7c5e8b6d47e27bf92bff4d60c434e1a1b3a17eaa

SHA256
4b5b77210ac2bcdf9111010b4ec84e9537fa0ee43595bc6e9e3d8c11eeb4c2f0

SHA512
ac8d5bae9e8c149d9d70aabdfee670ea66c95d7de8e9dfc481a9a7734fad063a6227861895a23eddada54e9a5e9ff0c1bda2b44f2b083389c8fce78deb9d8aee

Download Submit
memory/2800-15-0x0000000003B90000-0x000000000407F000-memory.dmp

Filesize
4.9MB

Download
memory/2800-2-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/2800-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2800-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2800-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2800-31-0x0000000003B90000-0x000000000407F000-memory.dmp

Filesize
4.9MB

Download
memory/3024-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3024-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3024-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3024-19-0x0000000000230000-0x0000000000363000-memory.dmp

Filesize
1.2MB

Download
memory/3024-25-0x00000000034C0000-0x00000000036EA000-memory.dmp

Filesize
2.2MB

Download
memory/3024-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download