fa07a70bb42555359af37ac8ed3c5b29dda6a6f337bd43fc0995fc52eda7e820

Analysis

max time kernel
118s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 01:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

447ddb67b81d87351fe15e3795671eb3.exe
Size

5.3MB
MD5

447ddb67b81d87351fe15e3795671eb3
SHA1

5683ea1a0759c49ef71f0cac438b56fbeab441c3
SHA256

fa07a70bb42555359af37ac8ed3c5b29dda6a6f337bd43fc0995fc52eda7e820
SHA512

a0b3e8d12a186835592c37251764742766223900df42f75ae3db0f41127f41dd12c3a4053cb65b17e404d2c27895ea1c004a3f6538b1e18ca10e7840e5cafd65
SSDEEP

98304:WO9r5WE6DHktBcwQDM2YIDULHl2Qk325klqR9wtlHktBcwQDM2YIDULHt:/r5WE0schDHIFhFX9wXschDHIN

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2860	447ddb67b81d87351fe15e3795671eb3.exe

Executes dropped EXE 1 IoCs

pid	Process
2860	447ddb67b81d87351fe15e3795671eb3.exe

Loads dropped DLL 1 IoCs

pid	Process
1216	447ddb67b81d87351fe15e3795671eb3.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1216-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000a000000012233-10.dat	upx
behavioral1/memory/1216-13-0x0000000003CA0000-0x0000000004187000-memory.dmp	upx
behavioral1/files/0x000a000000012233-14.dat	upx
behavioral1/memory/2860-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1216	447ddb67b81d87351fe15e3795671eb3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1216	447ddb67b81d87351fe15e3795671eb3.exe
2860	447ddb67b81d87351fe15e3795671eb3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1216 wrote to memory of 2860	1216	447ddb67b81d87351fe15e3795671eb3.exe	28
PID 1216 wrote to memory of 2860	1216	447ddb67b81d87351fe15e3795671eb3.exe	28
PID 1216 wrote to memory of 2860	1216	447ddb67b81d87351fe15e3795671eb3.exe	28
PID 1216 wrote to memory of 2860	1216	447ddb67b81d87351fe15e3795671eb3.exe	28

C:\Users\Admin\AppData\Local\Temp\447ddb67b81d87351fe15e3795671eb3.exe
"C:\Users\Admin\AppData\Local\Temp\447ddb67b81d87351fe15e3795671eb3.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1216
- C:\Users\Admin\AppData\Local\Temp\447ddb67b81d87351fe15e3795671eb3.exe
  C:\Users\Admin\AppData\Local\Temp\447ddb67b81d87351fe15e3795671eb3.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\447ddb67b81d87351fe15e3795671eb3.exe

Filesize
5.3MB

MD5
df1f53d9472d6ace02fa6b3e957f301e

SHA1
281e51ba3edc892d921a5d8743861040c6288433

SHA256
bf59d092593aaad1df8e6509f57577853b4681e5820da4c316a111548f1619f4

SHA512
721eef2d0e31e4c4430cf5b52bbda39523016acc5488e0a75ff623f9fb9e174db6cf0e0b11f08b6a9585ae978a05dfe4378b3ee87284334c4eb7ddcb3dcb7ad8

Download Submit
\Users\Admin\AppData\Local\Temp\447ddb67b81d87351fe15e3795671eb3.exe

Filesize
2.6MB

MD5
35e3fe459cc03f0f66a5b086441bfbb9

SHA1
e7d2f18d13e2636de1a3590756fe5f90bdb5a0ec

SHA256
eadd022b824093772989a391051a5cb02a8a58e731ae05e05f2a32a5d4c2919a

SHA512
3e5047df38baf3afc4138f1ca2438d6d5a624233c9606e5c5d32f7f83fd914893aff178c26103f9880d2eb97b5d5f78795bd52f2fb9599bbb70ca08b4f905482

Download Submit
memory/1216-2-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/1216-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1216-13-0x0000000003CA0000-0x0000000004187000-memory.dmp

Filesize
4.9MB

Download
memory/1216-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1216-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2860-17-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/2860-18-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2860-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2860-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2860-25-0x0000000003400000-0x0000000003622000-memory.dmp

Filesize
2.1MB

Download
memory/2860-31-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download